Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-9026

    In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 character... Read more

    Affected Products : php php-fpm
    • Published: Oct. 08, 2024
    • Modified: Aug. 19, 2025

  • 3.3

    LOW
    CVE-2022-42336

    Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was intro... Read more

    Affected Products : xen
    • Published: May. 17, 2023
    • Modified: Jan. 22, 2025

  • 3.3

    LOW
    CVE-2024-56467

    IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.... Read more

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 06, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2022-42758

    In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.... Read more

    Affected Products : android sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 t618 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 23, 2025

  • 3.3

    LOW
    CVE-2007-0523

    The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.... Read more

    Affected Products : n70
    • Published: Jan. 26, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2024-34015

    Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Feb. 27, 2025

  • 3.3

    LOW
    CVE-2024-28745

    Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is explo... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28473

    Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section.... Read more

    Affected Products : concrete_cms concrete5
    • Published: Apr. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-20102

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Apr. 07, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-32054

    In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file... Read more

    Affected Products : intellij_idea
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2018-0106

    A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An atta... Read more

    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-22365

    There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of inter... Read more

    Affected Products : ese620x_vess_firmware ese620x_vess
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-42757

    In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.... Read more

    Affected Products : android sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 t618 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 23, 2025

  • 3.3

    LOW
    CVE-2022-35900

    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a JP2 file containing crafted data can force an out-of-bounds read. Exp... Read more

    Affected Products : microstation view
    • Published: Jul. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-2105

    The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.... Read more

    Affected Products : show_in_browser
    • Published: Apr. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2019-0174

    Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.... Read more

    • Published: Jun. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-30753

    Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-5292

    Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions before 9.1.0.217(C00E215R3P1), the versions before 9.1.0.205(C00E97R1P9), the versions before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Due to improper function error r... Read more

    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-4046

    The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.... Read more

    Affected Products : dcs-932l_firmware dcs-932l
    • Published: Dec. 24, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2017-15530

    Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the applicat... Read more

    Affected Products : norton_family
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293620 Results