Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2025-21024

    Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2021-0988

    In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local informatio... Read more

    Affected Products : android
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12218

    Unhandled exception in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potential... Read more

    Affected Products : graphics_driver
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-8610

    AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-mes... Read more

    Affected Products : android
    • Published: Dec. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2021-34563

    In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.... Read more

    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-32680

    Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is s... Read more

    Affected Products : fedora nextcloud_server notes
    • Published: Jul. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-26342

    In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to ... Read more

    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-8908

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, o... Read more

    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-44194

    Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows after_effects
    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-2708

    Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege wi... Read more

    Affected Products : berkeley_db
    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-34688

    iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static... Read more

    Affected Products : windows remotepc
    • Published: Jul. 15, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-3219

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.... Read more

    Affected Products : gnupg
    • Published: Feb. 23, 2023
    • Modified: Mar. 12, 2025

  • 3.3

    LOW
    CVE-2024-54516

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent.... Read more

    Affected Products : macos
    • Published: Jan. 27, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2024-50564

    A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped.... Read more

    Affected Products : forticlient
    • Published: Jan. 14, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cryptography

  • 3.3

    LOW
    CVE-2022-30753

    Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-43708

    VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insecure deserialization" issue.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: XML External Entity

  • 3.3

    LOW
    CVE-2019-0174

    Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.... Read more

    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-5292

    Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error r... Read more

    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-27703

    The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.... Read more

    Affected Products : pikpak
    • Published: Apr. 12, 2023
    • Modified: Feb. 10, 2025

  • 3.3

    LOW
    CVE-2012-4046

    The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.... Read more

    Affected Products : dcs-932l_firmware dcs-932l
    • Published: Dec. 24, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294510 Results