Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2022-33699

    Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2007-3442

    Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a ho... Read more

    Affected Products : blackberry_7270
    • EPSS Score: %0.26
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 2.3

    LOW
    CVE-2019-4666

    IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.... Read more

    Affected Products : urbancode_deploy urbancode_build
    • EPSS Score: %0.12
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2022-33686

    Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-3923

    A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • EPSS Score: %0.01
    • Published: Mar. 27, 2023
    • Modified: Feb. 24, 2025

  • 2.3

    LOW
    CVE-2021-41808

    In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default.... Read more

    Affected Products : m-files_server
    • EPSS Score: %0.05
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-6580

    The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user... Read more

    Affected Products :
    • Published: Jul. 08, 2024
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2022-33693

    Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.2

    LOW
    CVE-2024-29208

    An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV... Read more

    Affected Products :
    • Published: May. 07, 2024
    • Modified: Nov. 21, 2024

  • 2.2

    LOW
    CVE-2024-4811

    In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Jul. 25, 2024
    • Modified: Jul. 02, 2025

  • 2.2

    LOW
    CVE-2024-21237

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileg... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 2.2

    LOW
    CVE-2024-21244

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces... Read more

    Affected Products : mysql mysql_server
    • Published: Oct. 15, 2024
    • Modified: Oct. 16, 2024

  • 2.2

    LOW
    CVE-2025-0250

    HCL IEM is affected by an authorization token sent in cookie vulnerability.  A token used for authentication and authorization is being handled in a manner that may increase its exposure to security risks.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 2.2

    LOW
    CVE-2023-22010

    Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. ... Read more

    Affected Products : essbase
    • EPSS Score: %0.18
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.2

    LOW
    CVE-2024-28051

    Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Nov. 13, 2024
    • Modified: Nov. 15, 2024

  • 2.2

    LOW
    CVE-2025-52916

    Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 2.2

    LOW
    CVE-2024-21101

    Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high p... Read more

    • Published: Apr. 16, 2024
    • Modified: Feb. 10, 2025

  • 2.2

    LOW
    CVE-2024-53861

    pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(... Read more

    Affected Products : pyjwt
    • Published: Nov. 29, 2024
    • Modified: Dec. 02, 2024

  • 2.2

    LOW
    CVE-2024-51755

    Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the sec... Read more

    Affected Products : twig
    • Published: Nov. 06, 2024
    • Modified: Nov. 08, 2024

  • 2.2

    LOW
    CVE-2017-1000401

    The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being lo... Read more

    Affected Products : jenkins
    • EPSS Score: %0.03
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results