Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2021-41181

    Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the v... Read more

    Affected Products : talk nextcloud_server notes
    • EPSS Score: %0.05
    • Published: Mar. 08, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-48506

    A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymizat... Read more

    Affected Products : democracy_suite
    • EPSS Score: %0.06
    • Published: Jun. 19, 2023
    • Modified: Jan. 02, 2025

  • 2.4

    LOW
    CVE-2016-11027

    An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-36857

    Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.... Read more

    Affected Products : android dex photo_editor
    • EPSS Score: %0.09
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-20855

    Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.... Read more

    Affected Products : android android dex
    • Published: May. 07, 2024
    • Modified: Feb. 07, 2025

  • 2.4

    LOW
    CVE-2022-24885

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for t... Read more

    Affected Products : nextcloud_server nextcloud notes
    • EPSS Score: %0.07
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-33706

    Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.... Read more

    Affected Products : samsung_gallery
    • EPSS Score: %0.14
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-19561

    A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.... Read more

    Affected Products : hermes
    • EPSS Score: %0.06
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2023-21454

    Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.... Read more

    Affected Products : android android dex
    • EPSS Score: %0.11
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-30750

    Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with net... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 29, 2025

  • 2.4

    LOW
    CVE-2024-23240

    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.... Read more

    Affected Products : iphone_os ipad_os ipados
    • Published: Mar. 08, 2024
    • Modified: Dec. 06, 2024

  • 2.4

    LOW
    CVE-2022-36876

    Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.... Read more

    Affected Products : samsung_pass pass
    • EPSS Score: %0.14
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-4325

    A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-4387

    A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-4238

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-40822

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical access to a device may be able to access ... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Jul. 29, 2024
    • Modified: Mar. 27, 2025

  • 2.4

    LOW
    CVE-2025-52580

    Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 22, 2025

  • 2.4

    LOW
    CVE-2024-48909

    SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their re... Read more

    Affected Products : spicedb
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 2.4

    LOW
    CVE-2020-25824

    Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches th... Read more

    Affected Products : telegram_desktop
    • EPSS Score: %0.08
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-20559

    An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291010 Results