Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-9760

    Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interacti... Read more

    Affected Products : power_pdf
    • Published: Nov. 22, 2024
    • Modified: Dec. 05, 2024

  • 3.3

    LOW
    CVE-2024-9763

    Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interacti... Read more

    Affected Products : power_pdf
    • Published: Nov. 22, 2024
    • Modified: Dec. 05, 2024

  • 3.3

    LOW
    CVE-2022-36878

    Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.... Read more

    Affected Products : find_my_mobile
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-35901

    An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a J2K file containing crafted data can force an out-of-bounds read. Exp... Read more

    Affected Products : microstation view
    • Published: Jul. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-32944

    Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be placed.... Read more

    Affected Products :
    • Published: May. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-35311

    Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.... Read more

    Affected Products :
    • Published: May. 29, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-21759

    Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability... Read more

    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2021-3981

    A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventuall... Read more

    Affected Products : fedora grub2
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-21512

    Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.... Read more

    Affected Products : android android dex
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-45816

    Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notificat... Read more

    Affected Products : discourse
    • Published: Nov. 10, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-28351

    An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystr... Read more

    Affected Products : windows insight
    • Published: May. 31, 2023
    • Modified: Jan. 13, 2025

  • 3.3

    LOW
    CVE-2023-20726

    In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ... Read more

    Affected Products : android openwrt yocto rdkb mt2735 mt6779 mt6781 mt6783 mt6785 mt6789 +53 more products
    • Published: May. 15, 2023
    • Modified: Jan. 24, 2025

  • 3.3

    LOW
    CVE-2023-42542

    Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.... Read more

    Affected Products : push_service
    • Published: Nov. 07, 2023
    • Modified: Mar. 06, 2025

  • 3.3

    LOW
    CVE-2002-2301

    Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database.... Read more

    Affected Products : lawson_financials
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 3.3

    LOW
    CVE-2019-14402

    cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).... Read more

    Affected Products : cpanel
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-36835

    Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.... Read more

    Affected Products : samsung_internet_browser
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2020-2297

    Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : sms_notification
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2019-14412

    Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).... Read more

    Affected Products : cpanel
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2017-18422

    In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2018-12222

    Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.63... Read more

    Affected Products : graphics_driver
    • Published: Mar. 14, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294070 Results