Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.8

    LOW
    CVE-2025-48930

    The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues.... Read more

    Affected Products : telemessage
    • Published: May. 28, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Information Disclosure

  • 2.8

    LOW
    CVE-2023-43745

    Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2016-4511

    ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file.... Read more

    Affected Products : pcm600
    • Published: Jun. 10, 2016
    • Modified: Apr. 12, 2025

  • 2.8

    LOW
    CVE-2022-20327

    In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2025-44021

    OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conduc... Read more

    Affected Products : ironic
    • Published: May. 08, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Path Traversal

  • 2.8

    LOW
    CVE-2024-22384

    Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : trace_analyzer_and_collector
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2024-53921

    An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.... Read more

    Affected Products : windows magician
    • Published: Dec. 03, 2024
    • Modified: Jun. 03, 2025

  • 2.8

    LOW
    CVE-2024-2314

    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not a... Read more

    • Published: Mar. 10, 2024
    • Modified: Aug. 26, 2025

  • 2.8

    LOW
    CVE-2023-31028

    NVIDIA nvJPEG2000 Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.... Read more

    Affected Products :
    • Published: Apr. 05, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2023-41824

    An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data. ... Read more

    Affected Products :
    • Published: May. 03, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2024-0080

    NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service. ... Read more

    Affected Products :
    • Published: Apr. 05, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2018-3084

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure w... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2020-14740

    Vulnerability in the SQL Developer Install component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Client Computer User Acco... Read more

    Affected Products : sql_developer
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2016-5551

    Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4.3. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the in... Read more

    Affected Products : solaris_cluster
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 2.8

    LOW
    CVE-2011-3520

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49, 8.50, and 8.51 allows remote authenticated users to affect integrity via unknown vectors related to Personalization.... Read more

    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.8

    LOW
    CVE-2023-45733

    Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 2.8

    LOW
    CVE-2013-6398

    The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.... Read more

    Affected Products : cloudstack
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.8

    LOW
    CVE-2025-54781

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token ca... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.8

    LOW
    CVE-2025-1698

    Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Denial of Service

  • 2.8

    LOW
    CVE-2023-3674

    A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as ... Read more

    Affected Products : enterprise_linux fedora keylime
    • Published: Jul. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293603 Results