Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-30618

    Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression whic... Read more

    Affected Products : kitchen-terraform
    • Published: Apr. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-34117

    Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.... Read more

    Affected Products : zoom_software_development_kit
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-5693

    The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.... Read more

    Affected Products : magicspam
    • Published: Jan. 14, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-37448

    A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen.... Read more

    Affected Products : macos
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-22308

    There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage.... Read more

    Affected Products : emui magic_ui
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-3669

    A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.... Read more

    Affected Products : development_system
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-29446

    open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.... Read more

    Affected Products : open_webui
    • Published: Apr. 21, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.3

    LOW
    CVE-2020-27056

    In SELinux policies of mls, there is a missing permission check. This could lead to local information disclosure of package metadata with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ... Read more

    Affected Products : android
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2025-46329

    libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encry... Read more

    Affected Products : connector_for_c\/c\+\+
    • Published: Apr. 29, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2003-1366

    chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2015-8034

    The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : salt
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-0175

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about k... Read more

    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2023-28195

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.... Read more

    Affected Products : macos
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-4749

    Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-20446

    In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges ne... Read more

    Affected Products : android
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 3.3

    LOW
    CVE-2012-3538

    Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.... Read more

    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-20873

    cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-7624

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-5615

    Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.... Read more

    Affected Products : solaris
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2018-2005

    IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007... Read more

    Affected Products : bigfix_platform
    • Published: May. 20, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293608 Results