Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2024-36032

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in ... Read more

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2013-0572

    Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject cont... Read more

    • EPSS Score: %0.15
    • Published: Apr. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.3

    LOW
    CVE-2015-7884

    The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2015-7885

    The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2020-29480

    An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, mod... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.06
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2025-22853

    Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 2.3

    LOW
    CVE-2024-20914

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Ora... Read more

    Affected Products : zfs_storage_appliance_kit
    • EPSS Score: %0.10
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 2.3

    LOW
    CVE-2022-33700

    Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-22887

    A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BI... Read more

    • EPSS Score: %0.06
    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-21726

    Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illeg... Read more

    • EPSS Score: %0.05
    • Published: Mar. 12, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2015-6556

    EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.... Read more

    Affected Products : endpoint_encryption
    • EPSS Score: %0.16
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2022-20543

    In multiple locations, there is a possible display crash loop due to improper input validation. This could lead to local denial of service with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025

  • 2.3

    LOW
    CVE-2024-34715

    Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special... Read more

    Affected Products : fides
    • Published: May. 29, 2024
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-52800

    veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standar... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 2.3

    LOW
    CVE-2020-0506

    Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.... Read more

    Affected Products : graphics_driver
    • EPSS Score: %0.05
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2014-2495

    Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Purchasing.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.53
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2022-23744

    Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator.... Read more

    Affected Products : endpoint_security harmony_endpoint
    • EPSS Score: %0.12
    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2025-43733

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.3

    LOW
    CVE-2022-20240

    In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 2.3

    LOW
    CVE-2024-48866

    An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fi... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
Showing 20 of 291615 Results