Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.4

    LOW
    CVE-2019-20595

    An issue was discovered on Samsung mobile devices with P(9.0) software. Quick Panel allows enabling or disabling the Bluetooth stack without authentication. The Samsung ID is SVE-2019-14545 (July 2019).... Read more

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-1420

    Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.4

    LOW
    CVE-2024-45284

    An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 2.4

    LOW
    CVE-2019-8777

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacke... Read more

    Affected Products : macos mac_os_x
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-8682

    The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.... Read more

    Affected Products : iphone_os watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-8775

    The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.... Read more

    Affected Products : iphone_os watchos ipados
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2025-23074

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2025-1419

    Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite)... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.4

    LOW
    CVE-2025-27432

    The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthor... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2025-53840

    Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 2.4

    LOW
    CVE-2025-52580

    Insertion of sensitive information into log file issue exists in "region PAY" App for Android prior to 1.5.28. If exploited, sensitive user information may be exposed to an attacker who has access to the application logs.... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2025-51643

    Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware us... Read more

    Affected Products : t366g-l_firmware t366g-l
    • Published: Aug. 28, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Information Disclosure

  • 2.4

    LOW
    CVE-2024-46939

    The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files... Read more

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024

  • 2.4

    LOW
    CVE-2022-24885

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for t... Read more

    Affected Products : nextcloud_server nextcloud notes
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-4265

    IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198.... Read more

    Affected Products : maximo_anywhere
    • Published: Oct. 10, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2022-20529

    In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User intera... Read more

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 18, 2025

  • 2.4

    LOW
    CVE-2020-1831

    HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the u... Read more

    Affected Products : mate_20_firmware mate_20
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2019-14359

    On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardwa... Read more

    Affected Products : bc_vault_firmware bc_vault
    • Published: Aug. 12, 2019
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2020-8341

    In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in vari... Read more

    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 2.4

    LOW
    CVE-2021-25409

    Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.... Read more

    Affected Products : android dex
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293934 Results