Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2018-21043

    An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018).... Read more

    Affected Products : android exynos_9810
    • EPSS Score: %0.02
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20519

    In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 3.3

    LOW
    CVE-2018-21074

    An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-14396

    API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.07
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20307

    In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-29160

    Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former accou... Read more

    Affected Products : nextcloud_server nextcloud notes
    • EPSS Score: %0.05
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-3700

    yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used u... Read more

    Affected Products : openldap2 yast2-security
    • EPSS Score: %0.04
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20558

    In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 3.3

    LOW
    CVE-2017-8418

    RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.... Read more

    Affected Products : rubocop
    • EPSS Score: %0.06
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2020-2291

    Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : couchdb-statistics
    • EPSS Score: %0.01
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-0345

    Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.... Read more

    Affected Products : omnivista
    • EPSS Score: %0.30
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2022-20257

    In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed ... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-14671

    Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fin... Read more

    Affected Products : firefly_iii
    • EPSS Score: %0.05
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28896

    Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. V... Read more

    Affected Products : mib3_firmware mib3
    • EPSS Score: %0.03
    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2002-2301

    Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.... Read more

    Affected Products : lawson_financials
    • EPSS Score: %0.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2023-21349

    In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-21346

    In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-17294

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C0... Read more

    • EPSS Score: %0.02
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2015-5961

    The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that ser... Read more

    Affected Products : firefox_os
    • EPSS Score: %0.09
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2023-40218

    An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.... Read more

    • EPSS Score: %0.01
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results