Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2022-20559

    In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no addit... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 3.3

    LOW
    CVE-2022-20320

    In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-22426

    IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and... Read more

    • Published: Jun. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-1422

    IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.... Read more

    Affected Products : maas360_dtm
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2024-34671

    Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : internet
    • Published: Oct. 08, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-30111

    HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising secur... Read more

    Affected Products :
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-4864

    The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.... Read more

    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2022-35905

    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Ex... Read more

    Affected Products : microstation view
    • Published: Jul. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-2249

    Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.... Read more

    Affected Products : team_foundation_server
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-15334

    The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.27) tha... Read more

    Affected Products : iris_88_firmware iris_88
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-15467

    The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=A2060_2... Read more

    Affected Products : mix_2s_firmware mix_2s
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-14410

    Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).... Read more

    Affected Products : cpanel
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-19620

    In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for execu... Read more

    Affected Products : red_cloak_windows_agent
    • Published: Dec. 06, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-20880

    cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-27345

    Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit th... Read more

    Affected Products : kofax_power_pdf power_pdf
    • Published: Apr. 03, 2024
    • Modified: Jun. 03, 2025

  • 3.3

    LOW
    CVE-2024-5812

    A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.... Read more

    Affected Products : beyondinsight_password_safe
    • Published: Jun. 11, 2024
    • Modified: Feb. 11, 2025

  • 3.3

    LOW
    CVE-2024-42329

    The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to r... Read more

    Affected Products : zabbix
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 3.3

    LOW
    CVE-2023-40353

    An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.... Read more

    • Published: Sep. 08, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-40096

    The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.... Read more

    Affected Products : who
    • Published: Aug. 05, 2024
    • Modified: Oct. 28, 2024

  • 3.3

    LOW
    CVE-2023-39341

    "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 ... Read more

    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293613 Results