Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-24069

    Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a se... Read more

    • EPSS Score: %0.05
    • Published: Jan. 23, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2009-5007

    The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.... Read more

    Affected Products : anyconnect_ssl_vpn
    • EPSS Score: %0.04
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-5636

    Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism b... Read more

    Affected Products : endpoint_security
    • EPSS Score: %0.03
    • Published: Nov. 30, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-1000150

    An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.... Read more

    Affected Products : reverse_proxy_auth
    • EPSS Score: %0.01
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3714

    The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overf... Read more

    Affected Products : xen
    • EPSS Score: %0.18
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-29160

    Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former accou... Read more

    Affected Products : nextcloud_server nextcloud notes
    • EPSS Score: %0.05
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-4527

    ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : pcm600
    • EPSS Score: %0.05
    • Published: Jun. 10, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2018-21074

    An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-42838

    An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated was closed.... Read more

    Affected Products : macos
    • EPSS Score: %0.09
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-38591

    An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August 2021).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-9102

    There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the... Read more

    • EPSS Score: %0.02
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12218

    Unhandled exception in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potential... Read more

    Affected Products : graphics_driver
    • EPSS Score: %0.05
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-7957

    Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain us... Read more

    • EPSS Score: %0.02
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-27358

    An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an installation, aka a Denial-of-Service (DoS).... Read more

    Affected Products :
    • Published: Jul. 26, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-35311

    Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.... Read more

    Affected Products :
    • Published: May. 29, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-0983

    In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. This could lead to local information disclosure wit... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-2375

    An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-43264

    In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.... Read more

    Affected Products : mahara
    • EPSS Score: %0.09
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-0995

    In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-32944

    Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be placed.... Read more

    Affected Products :
    • Published: May. 28, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291269 Results