Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2025-1420

    Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.4

    LOW
    CVE-2025-23074

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2013-0420

    Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 201... Read more

    Affected Products : opensuse vm_virtualbox virtualization
    • EPSS Score: %0.11
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.4

    LOW
    CVE-2016-4593

    The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 2.4

    LOW
    CVE-2017-13844

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.08
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2016-1000002

    gdm3 3.14.2 and possibly later has an information leak before screen lock... Read more

    • EPSS Score: %0.16
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-32872

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.05
    • Published: Sep. 20, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-32879

    A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 2.4

    LOW
    CVE-2006-6477

    FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-... Read more

    Affected Products : first_response
    • EPSS Score: %0.07
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.4

    LOW
    CVE-2024-48909

    SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their re... Read more

    Affected Products : spicedb
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 2.4

    LOW
    CVE-2024-20995

    Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network acc... Read more

    Affected Products : database_server database_-_sharding
    • Published: Apr. 16, 2024
    • Modified: Dec. 03, 2024

  • 2.4

    LOW
    CVE-2019-19533

    In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.04
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2011-2292

    Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.... Read more

    Affected Products : solaris
    • EPSS Score: %0.14
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.4

    LOW
    CVE-2024-20855

    Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.... Read more

    Affected Products : android android dex
    • Published: May. 07, 2024
    • Modified: Feb. 07, 2025

  • 2.4

    LOW
    CVE-2024-12801

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 03, 2025

  • 2.4

    LOW
    CVE-2024-27803

    A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: May. 14, 2024
    • Modified: Mar. 25, 2025

  • 2.4

    LOW
    CVE-2024-44139

    The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.... Read more

    Affected Products : iphone_os ipad_os ipados
    • Published: Sep. 17, 2024
    • Modified: Mar. 20, 2025

  • 2.4

    LOW
    CVE-2025-21312

    Windows Smart Card Reader Information Disclosure Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2023-32365

    The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.... Read more

    Affected Products : iphone_os ipados
    • EPSS Score: %0.04
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-27835

    This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.... Read more

    Affected Products : iphone_os ipad_os ipados
    • Published: May. 14, 2024
    • Modified: Dec. 12, 2024
Showing 20 of 291312 Results