Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2021-0992

    In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-1031

    In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-45085

    An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impa... Read more

    Affected Products : hypercloud
    • EPSS Score: %0.03
    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-24511

    Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2014-1321

    Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.06
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-29508

    Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.... Read more

    Affected Products : ghostscript
    • Published: Jul. 03, 2024
    • Modified: Mar. 17, 2025

  • 3.3

    LOW
    CVE-2010-5105

    The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.... Read more

    Affected Products : blender
    • EPSS Score: %0.05
    • Published: Apr. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-0217

    A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region c... Read more

    Affected Products : enterprise_linux fedora packagekit
    • EPSS Score: %0.02
    • Published: Jan. 03, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-46792

    In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory raw_copy_{to,from}_user() do not call access_ok(), so this code allowed userspace to access any virtual memory address.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-46794

    In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Nov. 20, 2024

  • 3.3

    LOW
    CVE-2013-4116

    lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.... Read more

    Affected Products : npm node_packaged_modules
    • EPSS Score: %0.10
    • Published: Apr. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-0009

    The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 ... Read more

    • EPSS Score: %0.94
    • Published: Feb. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-50044

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl alway... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2024
    • Modified: Nov. 08, 2024

  • 3.3

    LOW
    CVE-2015-9543

    An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setu... Read more

    Affected Products : nova
    • EPSS Score: %0.13
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-38388

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2024
    • Modified: Apr. 01, 2025

  • 3.3

    LOW
    CVE-2024-27799

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including tho... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jun. 10, 2024
    • Modified: Mar. 13, 2025

  • 3.3

    LOW
    CVE-2014-1264

    Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a ... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.05
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2013-4260

    lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/.... Read more

    Affected Products : ansible
    • EPSS Score: %0.08
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-9250

    There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the servic... Read more

    Affected Products : mate_20_pro_firmware mate_20_pro
    • Published: Dec. 20, 2024
    • Modified: Jul. 11, 2025

  • 3.3

    LOW
    CVE-2021-3588

    The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.... Read more

    Affected Products : bluez
    • EPSS Score: %0.04
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results