Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2018-0966

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.... Read more

    Affected Products : windows_10 windows_server_2016
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-40134

    In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation... Read more

    Affected Products : android
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-40137

    In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • Published: Oct. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-1906

    Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite a... Read more

    • Published: May. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2014-0027

    The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : flite
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2013-7048

    OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.... Read more

    Affected Products : nova
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2018-7957

    Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain us... Read more

    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-40439

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 11, 2025

  • 3.3

    LOW
    CVE-2007-5200

    hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.... Read more

    Affected Products : opensuse opensuse
    • Published: Oct. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.3

    LOW
    CVE-2024-44222

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.... Read more

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 3.3

    LOW
    CVE-2023-40384

    A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os tvos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-2480

    The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : debian_linux wireshark opensuse
    • Published: Mar. 07, 2013
    • Modified: Apr. 11, 2025

  • 3.3

    LOW
    CVE-2019-11485

    Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.... Read more

    Affected Products : ubuntu_linux apport apport
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-23493

    A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.... Read more

    Affected Products : macos
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2014-6060

    The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed... Read more

    Affected Products : android dhcpcd
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.3

    LOW
    CVE-2023-40395

    The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2023-42093

    Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulne... Read more

    Affected Products : pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2024-40791

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information ab... Read more

    Affected Products : macos iphone_os ipados
    • Published: Sep. 17, 2024
    • Modified: Mar. 19, 2025

  • 3.3

    LOW
    CVE-2023-38106

    Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 3.3

    LOW
    CVE-2024-44290

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user’s current location.... Read more

    Affected Products : iphone_os watchos ipados
    • Published: Dec. 12, 2024
    • Modified: Dec. 16, 2024
Showing 20 of 294837 Results