Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2018-5693

    The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.... Read more

    Affected Products : magicspam
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-21452

    Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.... Read more

    Affected Products : android android dex
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-35798

    Azure Arc Jumpstart Information Disclosure Vulnerability... Read more

    Affected Products : azure_arc_jumpstart
    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-0481

    In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.... Read more

    Affected Products : quarkus
    • Published: Feb. 24, 2023
    • Modified: Mar. 12, 2025

  • 3.3

    LOW
    CVE-2020-8578

    Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.... Read more

    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-1000242

    Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure... Read more

    Affected Products : git_client
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2019-14410

    Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).... Read more

    Affected Products : cpanel
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-0183

    Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-25030

    A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may ... Read more

    Affected Products : file_manager secure_private_browser
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-2249

    Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.... Read more

    Affected Products : team_foundation_server
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-15334

    The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) tha... Read more

    Affected Products : iris_88_firmware iris_88
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-18424

    In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-18421

    cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-20623

    An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-39850

    Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.... Read more

    Affected Products : android dex
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-5237

    The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.... Read more

    Affected Products : wireshark
    • Published: Oct. 04, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2022-30753

    Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-27703

    The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.... Read more

    Affected Products : pikpak
    • Published: Apr. 12, 2023
    • Modified: Feb. 10, 2025

  • 3.3

    LOW
    CVE-2014-4214

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.... Read more

    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2012-4046

    The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.... Read more

    Affected Products : dcs-932l_firmware dcs-932l
    • Published: Dec. 24, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294533 Results