Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2012-2394

    Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP ... Read more

    Affected Products : wireshark
    • Published: Jun. 30, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2022-29053

    A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.... Read more

    Affected Products : fortios
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-3329

    IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log fil... Read more

    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2024-21151

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris ex... Read more

    Affected Products : solaris solaris
    • Published: Jul. 16, 2024
    • Modified: Dec. 05, 2024

  • 3.3

    LOW
    CVE-2024-31870

    IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather inform... Read more

    Affected Products : i
    • Published: Jun. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-25168

    Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module.... Read more

    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-40709

    An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain th... Read more

    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-36877

    Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.... Read more

    Affected Products : members samsung_members
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-38934

    readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.... Read more

    Affected Products : toaruos
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 3.3

    LOW
    CVE-2023-28896

    Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. V... Read more

    Affected Products : mib3_firmware mib3
    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-21349

    In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • Published: Oct. 30, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-2687

    Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.... Read more

    Affected Products : gecko_software_development_kit
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-26427

    Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are k... Read more

    • Published: Jun. 20, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-12548

    Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction i... Read more

    Affected Products : power_pdf
    • Published: Feb. 11, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2020-2249

    Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.... Read more

    Affected Products : team_foundation_server
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-9250

    There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the servic... Read more

    Affected Products : mate_20_pro_firmware mate_20_pro
    • Published: Dec. 20, 2024
    • Modified: Jul. 11, 2025

  • 3.3

    LOW
    CVE-2023-21232

    In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Aug. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-21246

    In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-5307

    Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: Jun. 06, 2024
    • Modified: Aug. 06, 2025

  • 3.3

    LOW
    CVE-2007-5207

    guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.... Read more

    Affected Products : guilt
    • Published: Oct. 04, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293329 Results