Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2024-40851

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Oct. 28, 2024
    • Modified: Oct. 30, 2024

  • 2.4

    LOW
    CVE-2024-3823

    The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : base64_encoderdecoder
    • Published: May. 15, 2024
    • Modified: May. 15, 2025

  • 2.4

    LOW
    CVE-2024-27314

    Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SD... Read more

    • Published: May. 27, 2024
    • Modified: Jun. 17, 2025

  • 2.4

    LOW
    CVE-2014-0404

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.4

    LOW
    CVE-2024-29338

    Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.... Read more

    Affected Products : anchor_cms
    • Published: Mar. 22, 2024
    • Modified: Mar. 28, 2025

  • 2.4

    LOW
    CVE-2020-3891

    A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.... Read more

    Affected Products : iphone_os watchos ipad_os
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-12801

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Jan. 03, 2025

  • 2.4

    LOW
    CVE-2021-27456

    Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.... Read more

    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2017-7139

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during... Read more

    Affected Products : iphone_os
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2018-4387

    A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.... Read more

    Affected Products : iphone_os
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2023-29063

    The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encry... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-8742

    The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.... Read more

    Affected Products : iphone_os
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-47274

    ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the ru... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2023-0195

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver... Read more

    Affected Products : windows virtual_gpu
    • Published: Apr. 01, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2020-1795

    There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series ... Read more

    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-20559

    An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery allows viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-20534

    An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-19563

    A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.... Read more

    Affected Products : hermes
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-4325

    A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.... Read more

    Affected Products : iphone_os
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-7924

    Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnera... Read more

    Affected Products : anne-al00_firmware anne-al00
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293186 Results