Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2017-8087

    Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.... Read more

    Affected Products : fritz\!os fritz\!box_7490
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2017-7058

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen.... Read more

    Affected Products : iphone_os
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2021-30816

    The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.... Read more

    Affected Products : iphone_os ipados
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2021-30956

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact in... Read more

    Affected Products : iphone_os ipados
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2024-23240

    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.... Read more

    Affected Products : iphone_os ipad_os ipados
    • Published: Mar. 08, 2024
    • Modified: Dec. 06, 2024

  • 2.4

    LOW
    CVE-2025-51643

    Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware us... Read more

    Affected Products : t366g-l_firmware t366g-l
    • Published: Aug. 28, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2016-9703

    IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2025-30750

    Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with net... Read more

    • Published: Jul. 15, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2017-13844

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.... Read more

    Affected Products : iphone_os
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2024-4692

    Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization confi... Read more

    Affected Products : application_automation_tools
    • Published: Oct. 16, 2024
    • Modified: Oct. 21, 2024

  • 2.4

    LOW
    CVE-2017-13805

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that sho... Read more

    Affected Products : iphone_os
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2020-8341

    In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in vari... Read more

    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2021-41181

    Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the v... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Mar. 08, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2021-25409

    Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.... Read more

    Affected Products : android dex
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2021-1755

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the... Read more

    Affected Products : macos
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2023-39842

    Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device.... Read more

    • Published: Aug. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-33720

    Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.... Read more

    Affected Products : android dex
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-36876

    Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.... Read more

    Affected Products : samsung_pass pass
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2023-4624

    Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.... Read more

    Affected Products : bookstack
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-4265

    IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.... Read more

    Affected Products : maximo_anywhere
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293643 Results