Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2022-31221

    Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.... Read more

    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-44123

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard input and location information without user consent.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Oct. 28, 2024
    • Modified: Dec. 06, 2024

  • 2.3

    LOW
    CVE-2024-52966

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.... Read more

    Affected Products : fortianalyzer fortianalyzer
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2022-33693

    Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2015-7884

    The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application... Read more

    Affected Products : linux_kernel
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2015-8569

    The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mecha... Read more

    Affected Products : linux_kernel
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2015-7885

    The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2021-3923

    A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: Mar. 27, 2023
    • Modified: Feb. 24, 2025

  • 2.3

    LOW
    CVE-2019-10165

    OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to... Read more

    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2025-32700

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbu... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2025-1795

    During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result ... Read more

    Affected Products : python
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025

  • 2.3

    LOW
    CVE-2025-4754

    Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoe... Read more

    Affected Products : ash_authentication_phoenix
    • Published: Jun. 17, 2025
    • Modified: Jul. 04, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2025-54799

    Let's Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don't enforce HTTPS when talking to CAs as an ACME client. Unlike th... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2015-6556

    EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump.... Read more

    Affected Products : endpoint_encryption
    • Published: Dec. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2022-29812

    In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient... Read more

    Affected Products : intellij_idea
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2022-20261

    In LocationManager, there is a possible way to get location information due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: An... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2018-2923

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows high privileged attack... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2018-20893

    cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2013-0572

    Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote authenticated users to inject cont... Read more

    • Published: Apr. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.3

    LOW
    CVE-2023-31304

    Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF)     to modify the PCIe® lane count and speed, potentially leading to a loss of availability.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Nov. 04, 2024
Showing 20 of 293435 Results