Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-34339

    In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message... Read more

    Affected Products : ktor
    • Published: Jun. 01, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-35990

    The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-40520

    The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.... Read more

    Affected Products : iphone_os tvos watchos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-41043

    Microsoft Office Information Disclosure Vulnerability... Read more

    • Published: Oct. 11, 2022
    • Modified: Jan. 02, 2025

  • 3.3

    LOW
    CVE-2023-34321

    Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a gues... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Apr. 17, 2025

  • 3.3

    LOW
    CVE-2022-32835

    This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.... Read more

    Affected Products : iphone_os watchos
    • Published: Nov. 01, 2022
    • Modified: May. 06, 2025

  • 3.3

    LOW
    CVE-2023-23498

    A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from a... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-23523

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.... Read more

    Affected Products : macos iphone_os ipados
    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 3.3

    LOW
    CVE-2022-33879

    The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.2... Read more

    Affected Products : tika
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-34951

    Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exp... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 07, 2024
    • Modified: Aug. 07, 2025

  • 3.3

    LOW
    CVE-2023-35022

    IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.... Read more

    Affected Products : infosphere_information_server
    • Published: Jun. 30, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-2053

    emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.... Read more

    Affected Products : emesene
    • Published: Jun. 07, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2019-15336

    The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app (versionCode=400, versionName=v4.0.31) that... Read more

    Affected Products : z61_firmware z61
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-40778

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be viewed without authentication.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jul. 29, 2024
    • Modified: Mar. 17, 2025

  • 3.3

    LOW
    CVE-2019-1552

    OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir... Read more

    Affected Products : openssl
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-19057

    Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failur... Read more

    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-15393

    The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=... Read more

    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2010-2056

    GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.... Read more

    Affected Products : gv
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2019-15387

    The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3G_ARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app (versionCode=1, versionName=1) that a... Read more

    Affected Products : core_101_firmware core_101
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-2377

    JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent netwo... Read more

    • Published: Nov. 23, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293620 Results