Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-21436

    Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.... Read more

    Affected Products : android android dex
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2007-5207

    guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.... Read more

    Affected Products : guilt
    • Published: Oct. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2024-27332

    PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: Apr. 01, 2024
    • Modified: Jul. 07, 2025

  • 3.3

    LOW
    CVE-2024-5307

    Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: Jun. 06, 2024
    • Modified: Aug. 06, 2025

  • 3.3

    LOW
    CVE-2018-20939

    cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-21346

    In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges... Read more

    Affected Products : android
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-6348

    Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain p... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2019-14414

    In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).... Read more

    Affected Products : cpanel
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-3715

    Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.... Read more

    Affected Products : xen
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2018-20894

    cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-6335

    The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."... Read more

    Affected Products : avg_antivirus
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2019-1010208

    IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The att... Read more

    Affected Products : veracrypt truecrypt
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-4366

    Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to acces... Read more

    • Published: Nov. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2017-8933

    Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).... Read more

    Affected Products : libmenu-cache
    • Published: May. 15, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2018-4352

    A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.... Read more

    Affected Products : iphone_os
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-0007

    pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.... Read more

    Affected Products : pimd
    • Published: Jan. 11, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2006-1247

    rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : aix
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2025-46614

    In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-46330

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_... Read more

    Affected Products : connector_for_c\/c\+\+
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025

  • 3.3

    LOW
    CVE-2025-27534

    in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293584 Results