Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2020-10734

    A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.... Read more

    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2003-1426

    Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory cont... Read more

    Affected Products : cpanel
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2019-8857

    The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.... Read more

    Affected Products : iphone_os ipados
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-9351

    In SyncStatusObserver, there is a possible bypass for operating system protections that isolate user profiles from each other due to a missing permission check. This could lead to local limited information disclosure with no additional execution privilege... Read more

    Affected Products : android
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-18442

    Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".... Read more

    Affected Products : fedora debian_linux zziplib zziplib
    • Published: Jun. 18, 2021
    • Modified: Jul. 10, 2025

  • 3.3

    LOW
    CVE-2020-19909

    Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated s... Read more

    Affected Products : curl
    • Published: Aug. 22, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-34563

    In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.... Read more

    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-32680

    Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is s... Read more

    Affected Products : fedora nextcloud_server notes
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-29371

    An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 28, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-8908

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, o... Read more

    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-34688

    iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static... Read more

    Affected Products : windows remotepc
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-50564

    A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.... Read more

    Affected Products : forticlient
    • Published: Jan. 14, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cryptography

  • 3.3

    LOW
    CVE-2021-36086

    The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).... Read more

    Affected Products : fedora selinux
    • Published: Jul. 01, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-3655

    A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.... Read more

    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-2708

    Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege wi... Read more

    Affected Products : berkeley_db
    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-1736

    A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be chang... Read more

    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-2949

    IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by reading cached web pages from a different user's session.... Read more

    Affected Products : bigfix_remote_control
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2024-3125

    A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attac... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-2978

    IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938.... Read more

    Affected Products : sametime
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-2565

    Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.... Read more

    Affected Products : galaxy_s6_firmware galaxy_s6
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292821 Results