Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2022-35905

    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Ex... Read more

    Affected Products : microstation view
    • Published: Jul. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-15100

    In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.... Read more

    Affected Products : freewvs
    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-6156

    In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming f... Read more

    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-27345

    Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit th... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: Apr. 03, 2024
    • Modified: Jun. 03, 2025

  • 3.3

    LOW
    CVE-2024-42329

    The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to r... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 3.3

    LOW
    CVE-2022-20525

    In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there is a possible leak of visual voicemail package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 3.3

    LOW
    CVE-2023-30618

    Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression whic... Read more

    Affected Products : kitchen-terraform
    • Published: Apr. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12445

    An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with... Read more

    Affected Products : dropbox
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-27332

    PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Apr. 01, 2024
    • Modified: Jul. 07, 2025

  • 3.3

    LOW
    CVE-2012-4366

    Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to acces... Read more

    • Published: Nov. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2012-6335

    The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."... Read more

    Affected Products : avg_antivirus
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-3715

    Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.... Read more

    Affected Products : xen
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2015-0998

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : aveva_edge wonderware_intouch_2014
    • Published: Mar. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2012-6348

    Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain p... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-28811

    An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.... Read more

    Affected Products : hit_7300_firmware hit_7300
    • Published: Sep. 30, 2024
    • Modified: May. 30, 2025

  • 3.3

    LOW
    CVE-2020-27056

    In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ... Read more

    Affected Products : android
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-29446

    open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.... Read more

    Affected Products : open_webui
    • Published: Apr. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.3

    LOW
    CVE-2025-46329

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encry... Read more

    Affected Products : connector_for_c\/c\+\+
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-24336

    SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2024-8518

    CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user.... Read more

    Affected Products : zelio_soft_2
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024
Showing 20 of 294307 Results