Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2025-43307

    This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-43331

    A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2025-0077

    In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Race Condition

  • 4.0

    MEDIUM
    CVE-2025-54142

    Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin serv... Read more

    Affected Products : akamaighost
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-22415

    In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-36082

    IBM OpenPages 9.0 and 9.1 allows web page cache to be stored locally which can be read by another user on the system.... Read more

    Affected Products : openpages_with_watson
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2024-49739

    In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.0

    MEDIUM
    CVE-2025-48528

    In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2023-21469

    Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-55904

    Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM,... Read more

    Affected Products : open5gs
    • Published: Sep. 17, 2025
    • Modified: Sep. 23, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2025-24133

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26 and iPadOS 26. Keyboard suggestions may display sensitive information on the lock screen.... Read more

    Affected Products : iphone_os ipados
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2025-26417

    In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges ... Read more

    Affected Products : android
    • Published: Aug. 26, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-21026

    Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-43370

    A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.... Read more

    Affected Products : xcode
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Path Traversal

  • 4.0

    MEDIUM
    CVE-2025-49728

    Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.... Read more

    Affected Products : pc_manager
    • Published: Sep. 16, 2025
    • Modified: Sep. 17, 2025

  • 4.0

    MEDIUM
    CVE-2025-21029

    Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-43203

    The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.... Read more

    Affected Products : iphone_os ipados
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2023-21470

    Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2023-21471

    Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Information Disclosure

  • 3.9

    LOW
    CVE-2023-31365

    An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity or availability.... Read more

    Affected Products :
    • Published: Sep. 06, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4407 Results