Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2018-7957

    Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain us... Read more

    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-41065

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-6463

    Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2023-41310

    Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-46329

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encry... Read more

    Affected Products : connector_for_c\/c\+\+
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2024-5198

    OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt.... Read more

    Affected Products : openvpn-gui ovpn-dco-win
    • Published: Jan. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2020-24003

    Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skyp... Read more

    Affected Products : skype
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-20807

    Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.... Read more

    Affected Products : email
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-28811

    An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.... Read more

    Affected Products : hit_7300_firmware hit_7300
    • Published: Sep. 30, 2024
    • Modified: May. 30, 2025

  • 3.3

    LOW
    CVE-2025-29446

    open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.... Read more

    Affected Products : open_webui
    • Published: Apr. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.3

    LOW
    CVE-2021-23188

    Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025

  • 3.3

    LOW
    CVE-2022-38934

    readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.... Read more

    Affected Products : toaruos
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 3.3

    LOW
    CVE-2023-45585

    An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, ... Read more

    Affected Products : fortisiem
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-40709

    An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain th... Read more

    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-36877

    Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.... Read more

    Affected Products : members samsung_members
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20318

    In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. U... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-30752

    Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-24511

    Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2023-28903

    An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.... Read more

    Affected Products :
    • Published: Jun. 28, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2022-33698

    Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293339 Results