Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-48838

    Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024

  • 3.3

    LOW
    CVE-2024-9749

    Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interacti... Read more

    Affected Products : power_pdf
    • Published: Nov. 22, 2024
    • Modified: Nov. 25, 2024

  • 3.3

    LOW
    CVE-2023-27703

    The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.... Read more

    Affected Products : pikpak
    • Published: Apr. 12, 2023
    • Modified: Feb. 10, 2025

  • 3.3

    LOW
    CVE-2023-40386

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments.... Read more

    Affected Products : macos
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-42469

    The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.a... Read more

    Affected Products : full_dialer
    • Published: Sep. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-2745

    Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded.  This vulnerabil... Read more

    Affected Products : insightvm
    • Published: Apr. 02, 2024
    • Modified: Feb. 25, 2025

  • 3.3

    LOW
    CVE-2025-49756

    Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.... Read more

    Affected Products : 365_apps
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cryptography

  • 3.3

    LOW
    CVE-2025-27715

    Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 21, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2025-0249

    HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.  A token was not invalidated which may allow attackers to access sensitive data without authorization.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 3.3

    LOW
    CVE-2025-32054

    In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file... Read more

    Affected Products : intellij_idea
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2021-26908

    Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox... Read more

    Affected Products : automox
    • Published: Apr. 23, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-3581

    Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.... Read more

    Affected Products : messaging_gateway
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2010-4173

    The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.... Read more

    Affected Products : libsdp
    • Published: Nov. 22, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2015-2374

    The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credential... Read more

    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2017-8418

    RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.... Read more

    Affected Products : rubocop
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2007-4462

    lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.... Read more

    Affected Products : po4a
    • Published: Aug. 21, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2021-25486

    Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.... Read more

    Affected Products : android dex
    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-4291

    The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.... Read more

    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2017-17289

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software d... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-6254

    In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-643406... Read more

    Affected Products : android
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293607 Results