Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2022-33699

    Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.... Read more

    Affected Products : android dex
    • EPSS Score: %0.02
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2020-0029

    In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-28238

    Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., we... Read more

    Affected Products : directus
    • Published: Mar. 12, 2024
    • Modified: Jan. 03, 2025

  • 2.3

    LOW
    CVE-2025-3864

    Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue ... Read more

    Affected Products :
    • Published: May. 28, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Denial of Service

  • 2.3

    LOW
    CVE-2019-10165

    OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to... Read more

    • EPSS Score: %0.06
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-52966

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.... Read more

    Affected Products : fortianalyzer fortianalyzer
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2013-4377

    Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.... Read more

    Affected Products : qemu
    • EPSS Score: %0.10
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025

  • 2.3

    LOW
    CVE-2024-21253

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wher... Read more

    Affected Products : vm_virtualbox
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 2.3

    LOW
    CVE-2020-9252

    HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C... Read more

    • EPSS Score: %0.03
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2020-16230

    All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that c... Read more

    • EPSS Score: %0.04
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-36469

    Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.... Read more

    Affected Products : zabbix
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2025-1795

    During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result ... Read more

    Affected Products : python
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025

  • 2.3

    LOW
    CVE-2014-4027

    The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging acc... Read more

    • EPSS Score: %0.09
    • Published: Jun. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2019-4394

    IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232.... Read more

    Affected Products : cloud_orchestrator
    • EPSS Score: %0.09
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2025-6703

    Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue affects neqo: from 0.4.24 through 0.13.2.... Read more

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025

  • 2.3

    LOW
    CVE-2019-2926

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the ... Read more

    Affected Products : vm_virtualbox
    • EPSS Score: %0.13
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-23591

    ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel... Read more

    • Published: Feb. 16, 2024
    • Modified: Jul. 23, 2025

  • 2.3

    LOW
    CVE-2024-54133

    Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, ... Read more

    Affected Products : rails
    • Published: Dec. 10, 2024
    • Modified: Mar. 07, 2025

  • 2.3

    LOW
    CVE-2017-10292

    Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to ... Read more

    Affected Products : database
    • EPSS Score: %0.07
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 2.3

    LOW
    CVE-2025-4754

    Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoe... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Authentication
Showing 20 of 291641 Results