Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-2687

    Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.... Read more

    Affected Products : gecko_software_development_kit
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-12548

    Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction i... Read more

    Affected Products : power_pdf
    • Published: Feb. 11, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2023-26427

    Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are k... Read more

    • Published: Jun. 20, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-42542

    Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.... Read more

    Affected Products : push_service
    • Published: Nov. 07, 2023
    • Modified: Mar. 06, 2025

  • 3.3

    LOW
    CVE-2014-8243

    Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 b... Read more

    • Published: Nov. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2020-9250

    There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the servic... Read more

    Affected Products : mate_20_pro_firmware mate_20_pro
    • Published: Dec. 20, 2024
    • Modified: Jul. 11, 2025

  • 3.3

    LOW
    CVE-2022-20525

    In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 3.3

    LOW
    CVE-2024-25991

    In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Mar. 11, 2024
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2022-25823

    Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.... Read more

    Affected Products : galaxy_watch_plugin
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-1125

    IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.... Read more

    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2022-25827

    Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log... Read more

    Affected Products : galaxy_watch_plugin
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12445

    An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with... Read more

    Affected Products : dropbox
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-4472

    The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.... Read more

    Affected Products : poppler
    • Published: Apr. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2014-1321

    Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2013-2102

    The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the s... Read more

    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-5397

    Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allo... Read more

    Affected Products : rational_focal_point
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-18386

    drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-1444

    A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.... Read more

    Affected Products : txt2man txt2man
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-13053

    The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-9763

    Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interacti... Read more

    Affected Products : power_pdf
    • Published: Nov. 22, 2024
    • Modified: Dec. 05, 2024
Showing 20 of 293343 Results