Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2021-0992

    In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-0989

    In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-1018

    In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional executi... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-3766

    A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of the file /admin-api/upload_image of the component Image File Upload. The manipulation of the argu... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-3629

    A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. ... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-30728

    Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.... Read more

    Affected Products : android dex
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-31072

    Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `r... Read more

    Affected Products : octokit octokit
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-42336

    Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was intro... Read more

    Affected Products : xen
    • Published: May. 17, 2023
    • Modified: Jan. 22, 2025

  • 3.3

    LOW
    CVE-2022-30741

    Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.... Read more

    Affected Products : find_my_mobile
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-54475

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to determine a user’s current location.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2022-30750

    Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-54493

    This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Mar. 24, 2025

  • 3.3

    LOW
    CVE-2022-47952

    lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to... Read more

    Affected Products : lxc
    • Published: Jan. 01, 2023
    • Modified: Apr. 10, 2025

  • 3.3

    LOW
    CVE-2022-31071

    Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--... Read more

    Affected Products : octopoller
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-30742

    Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log.... Read more

    Affected Products : find_my_mobile
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2008-3934

    Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.... Read more

    Affected Products : wireshark
    • Published: Sep. 04, 2008
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2017-18397

    cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-0300

    Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors.... Read more

    Affected Products : message_filter
    • Published: Jul. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2017-1176

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.... Read more

    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2012-1593

    epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.... Read more

    Affected Products : wireshark
    • Published: Apr. 11, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293588 Results