Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.4

    LOW
    CVE-2024-20038

    In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALP... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +21 more products
    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 3.4

    LOW
    CVE-2023-3299

    HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.... Read more

    Affected Products : nomad
    • EPSS Score: %0.23
    • Published: Jul. 20, 2023
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2022-41602

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2022-41594

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41592

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41597

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2023-25840

    There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser.... Read more

    Affected Products : linux_kernel arcgis_server windows
    • EPSS Score: %0.18
    • Published: Jul. 21, 2023
    • Modified: Apr. 10, 2025

  • 3.4

    LOW
    CVE-2022-41603

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41595

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2019-2786

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthentic... Read more

    • EPSS Score: %0.21
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2025-43916

    Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attack... Read more

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Authentication

  • 3.4

    LOW
    CVE-2007-1716

    pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.07
    • Published: Mar. 27, 2007
    • Modified: Apr. 09, 2025

  • 3.4

    LOW
    CVE-2025-7339

    on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade t... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration

  • 3.4

    LOW
    CVE-2023-37900

    Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crosspl... Read more

    Affected Products : crossplane crossplane
    • EPSS Score: %0.06
    • Published: Jul. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2022-41600

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41601

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2025-30163

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` an... Read more

    Affected Products : cilium
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 3.4

    LOW
    CVE-2023-46294

    An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute.... Read more

    Affected Products :
    • Published: May. 01, 2024
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2020-14548

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unau... Read more

    Affected Products : business_intelligence
    • EPSS Score: %0.58
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.4

    LOW
    CVE-2024-3471

    The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack... Read more

    Affected Products : button_generator
    • Published: May. 02, 2024
    • Modified: May. 08, 2025
Showing 20 of 291618 Results