Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2020-0382

    In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2025-58064

    CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting (XSS) vulnerability. Ability to exploit could be trigger... Read more

    Affected Products : ckeditor5
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.3

    LOW
    CVE-2025-4754

    Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoe... Read more

    Affected Products : ash_authentication_phoenix
    • Published: Jun. 17, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2025-58160

    tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI es... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2025-5992

    When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 2.3

    LOW
    CVE-2022-31223

    Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.... Read more

    • EPSS Score: %0.04
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2022-29812

    In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient... Read more

    Affected Products : intellij_idea
    • EPSS Score: %0.00
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2007-3442

    Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a ho... Read more

    Affected Products : blackberry_7270
    • EPSS Score: %0.26
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 2.3

    LOW
    CVE-2019-4666

    IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.... Read more

    Affected Products : urbancode_deploy urbancode_build
    • EPSS Score: %0.12
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-2207

    Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having RMAN executabl... Read more

    Affected Products : database database_server
    • EPSS Score: %0.12
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2019-2940

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session privilege with logon to the in... Read more

    Affected Products : database database_server
    • EPSS Score: %0.13
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-2042

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server ... Read more

    • EPSS Score: %0.17
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2025-24806

    Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. If users are allowed to sign in via both username and email the regulation system treats the... Read more

    Affected Products : authelia
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2024-6580

    The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user... Read more

    Affected Products :
    • Published: Jul. 08, 2024
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2023-21450

    Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting.... Read more

    Affected Products : one_hand_operation_\+
    • EPSS Score: %0.11
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2020-8991

    vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privi... Read more

    Affected Products : lvm2
    • EPSS Score: %0.16
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2015-6556

    EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.... Read more

    Affected Products : endpoint_encryption
    • EPSS Score: %0.16
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2024-3220

    There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have fi... Read more

    Affected Products : python
    • Published: Feb. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2023-22313

    Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access.... Read more

    • EPSS Score: %0.04
    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2013-0572

    Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject cont... Read more

    • EPSS Score: %0.15
    • Published: Apr. 27, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292425 Results