Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2025-53176

    Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2021-0987

    In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no addit... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-6371

    The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulne... Read more

    Affected Products : n900_wireless_router
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-6780

    Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.... Read more

    Affected Products :
    • Published: Jul. 16, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-0994

    In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional ex... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-20977

    Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : notes
    • Published: May. 07, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2022-28794

    Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.... Read more

    Affected Products : android dex
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2015-4033

    Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000.... Read more

    Affected Products : s-beam
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2012-5355

    welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.... Read more

    Affected Products : xdiagnose
    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2023-20570

    Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. ... Read more

    • Published: Feb. 13, 2024
    • Modified: Mar. 22, 2025

  • 3.3

    LOW
    CVE-2022-20558

    In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 3.3

    LOW
    CVE-2016-2567

    secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by th... Read more

    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2019-14671

    Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fin... Read more

    Affected Products : firefly_iii
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-7993

    Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012.... Read more

    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-20257

    In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed ... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-14396

    API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).... Read more

    Affected Products : cpanel
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-31815

    GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity ... Read more

    • Published: Apr. 28, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-3700

    yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used u... Read more

    Affected Products : openldap2 yast2-security
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-2291

    Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : couchdb-statistics
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20519

    In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025
Showing 20 of 294276 Results