Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2023-38110

    Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to explo... Read more

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 3.3

    LOW
    CVE-2022-20251

    In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User... Read more

    Affected Products : android
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20321

    In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20267

    In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed ... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2011-1678

    smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger cor... Read more

    Affected Products : samba
    • Published: Apr. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2022-0987

    A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.... Read more

    Affected Products : enterprise_linux packagekit
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-4277

    Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.... Read more

    Affected Products : subversion
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2011-3204

    hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file.... Read more

    Affected Products : hammerhead
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2015-7449

    IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before 6.0.1 iFix5, and 6.0.2 before iFix2; Rational Quality Manager (RQM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, 6.0.x before... Read more

    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-20249

    In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User... Read more

    Affected Products : android
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-2974

    IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934.... Read more

    Affected Products : sametime
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2022-20320

    In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2016-0206

    IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.... Read more

    Affected Products : cloud_orchestrator
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2020-25779

    Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the w... Read more

    Affected Products : antivirus
    • Published: Oct. 13, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-17289

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software d... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-4345

    IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318.... Read more

    Affected Products : i i
    • Published: May. 17, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-6254

    In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-643406... Read more

    Affected Products : android
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-51491

    notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature... Read more

    Affected Products : notation-go
    • Published: Jan. 13, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2025-6662

    PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    Affected Products : pdf-xchange_editor pdf-tools
    • Published: Jun. 25, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 3.3

    LOW
    CVE-2025-26419

    In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatio... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 294533 Results