Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2023-32394

    The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2023-40529

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 2.4

    LOW
    CVE-2025-4234

    A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubl... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2023-32390

    The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Jun. 23, 2023
    • Modified: Dec. 05, 2024

  • 2.4

    LOW
    CVE-2020-10830

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-47274

    ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the ru... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2016-4593

    The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 2.4

    LOW
    CVE-2022-20245

    In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploita... Read more

    Affected Products : android
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2018-21073

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018).... Read more

    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2006-6476

    FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a den... Read more

    Affected Products : first_response
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.4

    LOW
    CVE-2023-21454

    Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.... Read more

    Affected Products : android android dex
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2020-12039

    Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus includi... Read more

    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-8732

    The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.... Read more

    Affected Products : iphone_os
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-20534

    An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view home-screen wallpaper by adjusting the brightness of a locked screen. The Samsung ID is SVE-2019-15540 (December 2019).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2020-1795

    There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series ... Read more

    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-19563

    A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.... Read more

    Affected Products : hermes
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-8548

    An issue existed where partially entered passcodes may not clear when the device went to sleep. This issue was addressed by clearing the passcode when a locked device sleeps. This issue is fixed in watchOS 5.2. A partially entered passcode may not clear w... Read more

    Affected Products : watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-34649

    Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.... Read more

    Affected Products : android android
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 2.4

    LOW
    CVE-2023-39842

    Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.... Read more

    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2021-41181

    Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the v... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Mar. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results