Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2018-20939

    cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28896

    Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. V... Read more

    Affected Products : mib3_firmware mib3
    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-40218

    An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.... Read more

    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28351

    An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystr... Read more

    Affected Products : windows insight
    • Published: May. 31, 2023
    • Modified: Jan. 13, 2025

  • 3.3

    LOW
    CVE-2023-2687

    Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.... Read more

    Affected Products : gecko_software_development_kit
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-42542

    Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.... Read more

    Affected Products : push_service
    • Published: Nov. 07, 2023
    • Modified: Mar. 06, 2025

  • 3.3

    LOW
    CVE-2023-45816

    Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notificat... Read more

    Affected Products : discourse
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20340

    In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20280

    In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitatio... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-36319

    Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.... Read more

    Affected Products : networking_os10
    • Published: Nov. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-45585

    An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, ... Read more

    Affected Products : fortisiem
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-1125

    IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.... Read more

    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2022-20318

    In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. U... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-36877

    Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.... Read more

    Affected Products : members samsung_members
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28903

    An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.... Read more

    Affected Products :
    • Published: Jun. 28, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2022-20241

    In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20525

    In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 3.3

    LOW
    CVE-2017-17302

    Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local att... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-0481

    In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.... Read more

    Affected Products : quarkus
    • Published: Feb. 24, 2023
    • Modified: Mar. 12, 2025

  • 3.3

    LOW
    CVE-2023-21452

    Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.... Read more

    Affected Products : android android dex
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293606 Results