Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-26440

    In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-20705

    In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS0... Read more

    Affected Products : android openwrt yocto mt2735 mt6781 mt6789 mt6835 mt6853 mt6855 mt6877 +32 more products
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-20706

    In mbrain, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS0992462... Read more

    Affected Products : android mt6989 mt8676 mt8678 mt6899 mt6991
    • Published: Sep. 01, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2022-38694

    In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products :
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-26435

    In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privileg... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-9329

    Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vuln... Read more

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Sep. 02, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-58178

    SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input argument... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2023-21468

    Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-21034

    Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.... Read more

    Affected Products : android
    • Published: Sep. 03, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22416

    In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-56190

    In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43729

    Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthoriz... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-9275

    Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction... Read more

    Affected Products : imaris_viewer
    • Published: Sep. 02, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-55582

    D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesys... Read more

    Affected Products : dcs-825l dcs-825l_firmware
    • Published: Aug. 27, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-7975

    Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this v... Read more

    Affected Products :
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2024-49730

    In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22428

    In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no addi... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2023-41471

    Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function.... Read more

    Affected Products : copyparty
    • Published: Aug. 29, 2025
    • Modified: Sep. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-43268

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-9785

    PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signe... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4406 Results