Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2025-53840

    Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2025-52580

    Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2022-26703

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2017-8087

    Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.... Read more

    Affected Products : fritz\!os fritz\!box_7490
    • Published: Oct. 22, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2017-7058

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen.... Read more

    Affected Products : iphone_os
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2024-42496

    Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may retrieve the credential information and spoof the device t... Read more

    Affected Products :
    • Published: Sep. 30, 2024
    • Modified: Sep. 30, 2024

  • 2.4

    LOW
    CVE-2024-44179

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the ... Read more

    Affected Products : macos iphone_os ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Information Disclosure

  • 2.3

    LOW
    CVE-2025-1795

    During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result ... Read more

    Affected Products : python
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025

  • 2.3

    LOW
    CVE-2021-3923

    A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: Mar. 27, 2023
    • Modified: Feb. 24, 2025

  • 2.3

    LOW
    CVE-2025-58751

    Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite d... Read more

    Affected Products : vite
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2025-58752

    Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (... Read more

    Affected Products : vite
    • Published: Sep. 08, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Misconfiguration

  • 2.3

    LOW
    CVE-2024-36469

    Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.... Read more

    Affected Products : zabbix
    • Published: Apr. 02, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2022-33693

    Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-40089

    An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Acce... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-47440

    In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later whe... Read more

    Affected Products : linux_kernel
    • Published: May. 22, 2024
    • Modified: Apr. 02, 2025

  • 2.3

    LOW
    CVE-2025-5992

    When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile.This issue affects Qt from 6.6... Read more

    Affected Products :
    • Published: Jul. 11, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 2.3

    LOW
    CVE-2014-4027

    The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging acc... Read more

    • Published: Jun. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2020-29480

    An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, mod... Read more

    Affected Products : fedora debian_linux xen
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2014-1652

    Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.... Read more

    Affected Products : web_gateway
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.3

    LOW
    CVE-2023-20507

    An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293607 Results