Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2018-5552

    Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".... Read more

    Affected Products : dtisqlinstaller
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-9438

    In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-19620

    In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for execu... Read more

    Affected Products : red_cloak_windows_agent
    • Published: Dec. 06, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-20623

    An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2015-5961

    The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that ser... Read more

    Affected Products : firefox_os
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2016-5506

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server.... Read more

    Affected Products : identity_manager
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2020-0047

    In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10And... Read more

    Affected Products : android
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-10698

    A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it ... Read more

    Affected Products : ansible_tower
    • Published: May. 27, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-3815

    A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A loca... Read more

    • Published: Jan. 28, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-30875

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-3316

    The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a ... Read more

    Affected Products : linux-pam
    • Published: Jan. 24, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2020-4629

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-F... Read more

    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-2961

    A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.... Read more

    Affected Products : advancecomp
    • Published: Jun. 06, 2023
    • Modified: Jan. 07, 2025

  • 3.3

    LOW
    CVE-2025-6641

    PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2022-34873

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-9680

    sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstra... Read more

    Affected Products : sudo
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2012-2377

    JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent netwo... Read more

    • Published: Nov. 23, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-31047

    An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.... Read more

    Affected Products : openexr
    • Published: Apr. 08, 2024
    • Modified: Aug. 13, 2025

  • 3.3

    LOW
    CVE-2009-0358

    Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as ... Read more

    Affected Products : firefox
    • Published: Feb. 04, 2009
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2025-24304

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293544 Results