Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-48522

    In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-36905

    In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-21034

    Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-48546

    In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48563

    In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-48553

    In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-9328

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vuln... Read more

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Sep. 02, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-9817

    SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-23314

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of p... Read more

    Affected Products : nemo
    • Published: Aug. 26, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-48552

    In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interac... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-58374

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Be... Read more

    Affected Products : roo_code
    • Published: Sep. 06, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Supply Chain

  • 7.8

    HIGH
    CVE-2025-32346

    In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-26452

    In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2022-38695

    In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-26435

    In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privileg... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48531

    In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-22433

    In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-57809

    XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.... Read more

    Affected Products : xgrammar
    • Published: Aug. 25, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2024-52284

    Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.... Read more

    Affected Products : rancher
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.7

    HIGH
    CVE-2025-52545

    E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services.... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4404 Results