Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2025-1420

    Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025

  • 2.4

    LOW
    CVE-2022-31224

    Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior... Read more

    • EPSS Score: %0.11
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-48506

    A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymizat... Read more

    Affected Products : democracy_suite
    • EPSS Score: %0.06
    • Published: Jun. 19, 2023
    • Modified: Jan. 02, 2025

  • 2.4

    LOW
    CVE-2020-11606

    An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April 2020).... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-29338

    Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.... Read more

    Affected Products : anchor_cms
    • Published: Mar. 22, 2024
    • Modified: Mar. 28, 2025

  • 2.4

    LOW
    CVE-2024-34649

    Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 2.4

    LOW
    CVE-2023-39842

    Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.... Read more

    • EPSS Score: %0.01
    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-21077

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2021-25348

    Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.... Read more

    Affected Products : internet
    • EPSS Score: %0.06
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-20529

    In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User intera... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 2.4

    LOW
    CVE-2022-39043

    Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.... Read more

    Affected Products : juiker
    • EPSS Score: %0.05
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-1421

    Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker c... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025

  • 2.4

    LOW
    CVE-2024-3629

    The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : hl_twitter
    • Published: May. 15, 2024
    • Modified: May. 15, 2025

  • 2.4

    LOW
    CVE-2021-1862

    Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.06
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-17177

    An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character passwo... Read more

    • EPSS Score: %0.02
    • Published: Sep. 18, 2018
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-4265

    IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.... Read more

    Affected Products : maximo_anywhere
    • EPSS Score: %0.05
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-40851

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 2.4

    LOW
    CVE-2025-24193

    This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.... Read more

    Affected Products : iphone_os ipados
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025

  • 2.4

    LOW
    CVE-2011-2292

    Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.... Read more

    Affected Products : solaris
    • EPSS Score: %0.14
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.4

    LOW
    CVE-2024-40839

    This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 15, 2025
    • Modified: Mar. 14, 2025
Showing 20 of 291058 Results