Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2022-39043

    Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.... Read more

    Affected Products : juiker
    • EPSS Score: %0.05
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2023-4624

    Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.... Read more

    Affected Products : bookstack
    • EPSS Score: %0.26
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-12425

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying... Read more

    Affected Products : libreoffice
    • Published: Jan. 07, 2025
    • Modified: Jan. 07, 2025
    • Vuln Type: Path Traversal

  • 2.4

    LOW
    CVE-2022-36876

    Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.... Read more

    Affected Products : samsung_pass pass
    • EPSS Score: %0.14
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2023-21454

    Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.... Read more

    Affected Products : android android dex
    • EPSS Score: %0.11
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-1421

    Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker c... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025

  • 2.4

    LOW
    CVE-2023-20528

    Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. ... Read more

    • EPSS Score: %0.07
    • Published: Jan. 11, 2023
    • Modified: Apr. 07, 2025

  • 2.4

    LOW
    CVE-2024-22412

    ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access control... Read more

    Affected Products : clickhouse
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-20855

    Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.... Read more

    Affected Products : android android dex
    • Published: May. 07, 2024
    • Modified: Feb. 07, 2025

  • 2.4

    LOW
    CVE-2022-0005

    Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.... Read more

    • EPSS Score: %0.04
    • Published: May. 12, 2022
    • Modified: May. 05, 2025

  • 2.4

    LOW
    CVE-2019-14357

    On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardwar... Read more

    • EPSS Score: %0.06
    • Published: Aug. 10, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-30750

    Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with net... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2024-3128

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Replify-Messenger 1.0 on Android. This issue affects some unknown processing of the file androidmanifest.xml of the component Backup File Handler. The ... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-46383

    Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.... Read more

    Affected Products :
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 2.4

    LOW
    CVE-2022-31224

    Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior... Read more

    • EPSS Score: %0.11
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-20245

    In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploita... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-19563

    A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.... Read more

    Affected Products : hermes
    • EPSS Score: %0.06
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2020-4071

    In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD is set. Currently the string comparison between configured cre... Read more

    Affected Products : django-basic-auth-ip-whitelist
    • EPSS Score: %0.11
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-19557

    A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.... Read more

    Affected Products : hermes
    • EPSS Score: %0.06
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2020-12039

    Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus includi... Read more

    • EPSS Score: %0.06
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results