Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.3

    LOW
    CVE-2022-31223

    Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.... Read more

    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2022-33693

    Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2025-25299

    CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user marke... Read more

    Affected Products : ckeditor5
    • Published: Feb. 20, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.3

    LOW
    CVE-2025-2545

    Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its suscepti... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Cryptography

  • 2.3

    LOW
    CVE-2025-24369

    Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by reques... Read more

    Affected Products :
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2024-52800

    veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standar... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Nov. 29, 2024

  • 2.3

    LOW
    CVE-2017-8118

    The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 2.3

    LOW
    CVE-2018-2923

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.20. Easily exploitable vulnerability allows high privileged attack... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-34397

    Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.... Read more

    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2020-9252

    HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C... Read more

    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-22887

    A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BI... Read more

    • Published: Mar. 16, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2021-21726

    Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illeg... Read more

    • Published: Mar. 12, 2021
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2022-33700

    Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.... Read more

    Affected Products : android dex
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2024-20914

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Ora... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 2.3

    LOW
    CVE-2025-43733

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.3

    LOW
    CVE-2020-0029

    In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2020-0506

    Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access.... Read more

    Affected Products : graphics_driver
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 2.3

    LOW
    CVE-2023-31304

    Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF)     to modify the PCIe® lane count and speed, potentially leading to a loss of availability.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Nov. 04, 2024

  • 2.3

    LOW
    CVE-2024-49709

    Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attacker with an access to user's browser might set such a cookie, wait until the user logs in and then use the same cookie to take over the ... Read more

    Affected Products :
    • Published: Apr. 14, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2024-52328

    ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293668 Results