Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.5

    LOW
    CVE-2018-20943

    cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.07
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2024-34063

    vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2025-9383

    A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. T... Read more

    Affected Products :
    • Published: Aug. 24, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cryptography

  • 2.5

    LOW
    CVE-2025-23253

    NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to ... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cryptography

  • 2.5

    LOW
    CVE-2016-0259

    runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.... Read more

    Affected Products : websphere_mq
    • EPSS Score: %0.04
    • Published: Jun. 26, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2017-18869

    A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.... Read more

    Affected Products : chownr
    • EPSS Score: %0.12
    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2025-5648

    A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack... Read more

    Affected Products : radare2
    • Published: Jun. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2025-54798

    tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4.... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025

  • 2.5

    LOW
    CVE-2021-27645

    The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local sy... Read more

    Affected Products : fedora debian_linux glibc
    • EPSS Score: %0.04
    • Published: Feb. 24, 2021
    • Modified: Jun. 09, 2025

  • 2.5

    LOW
    CVE-2017-18425

    In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.03
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-18391

    cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.07
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-18428

    In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.07
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2021-43566

    All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the... Read more

    Affected Products : samba
    • EPSS Score: %0.22
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2024-42184

    BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.4

    LOW
    CVE-2020-9073

    Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity.... Read more

    Affected Products : p20_firmware p20
    • EPSS Score: %0.03
    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-19561

    A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.... Read more

    Affected Products : hermes
    • EPSS Score: %0.06
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-20529

    In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User intera... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 2.4

    LOW
    CVE-2017-18673

    An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Apr. 07, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-3124

    A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an u... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-0230

    A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.... Read more

    • EPSS Score: %5.16
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 291634 Results