Latest CVE Feed
- 9.8 CRITICAL CVE-2024-20078
  In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452....
  - Published: Jul. 01, 2024
  - Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2024-20080
  In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...
  - Published: Jul. 01, 2024
  - Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2024-13191
  A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to...
  - Affected Products: myblog
  - Published: Jan. 08, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Authentication
- 5.4 MEDIUM CVE-2024-31403
  Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo....
  - Affected Products: garoon
  - Published: Jun. 11, 2024
  - Modified: May. 28, 2025
- 4.3 MEDIUM CVE-2024-31404
  Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler....
  - Affected Products: garoon
  - Published: Jun. 11, 2024
  - Modified: May. 28, 2025
- 8.8 HIGH CVE-2025-4050
  Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: M...
  - Published: May. 05, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Memory Corruption
- 6.3 MEDIUM CVE-2025-4051
  Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: ...
  - Published: May. 05, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Authorization
- 9.8 CRITICAL CVE-2025-4052
  Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: ...
  - Published: May. 05, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Authorization
- 8.8 HIGH CVE-2025-4096
  Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...
  - Published: May. 05, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Memory Corruption
- 8.6 HIGH CVE-2025-46335
  Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerabil...
  - Affected Products: mobile_security_framework
  - Published: May. 05, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Cross-Site Scripting
- 6.4 MEDIUM CVE-2024-4669
  The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output esca...
  - Affected Products: events_addon_for_elementor
  - Published: Jun. 11, 2024
  - Modified: May. 28, 2025
- 6.3 MEDIUM CVE-2024-0427
  The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions....
  - Published: Jun. 12, 2024
  - Modified: May. 28, 2025
- 9.8 CRITICAL CVE-2025-1909
  The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the pl...
  - Affected Products: buddyboss_platform
  - Published: May. 05, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-4359
  A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. ...
  - Affected Products: gym_management_system
  - Published: May. 06, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-4360
  A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. The manipulation of the argument ID leads to sql injection. The...
  - Affected Products: gym_management_system
  - Published: May. 06, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-4362
  A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of the argument member_id leads to sql injection. The attack...
  - Affected Products: gym_management_system
  - Published: May. 06, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Injection
- 8.8 HIGH CVE-2025-4372
  Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)...
  - Published: May. 06, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Memory Corruption
- 5.4 MEDIUM CVE-2023-6487
  The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for a...
  - Affected Products: luckywp_table_of_contents
  - Published: May. 22, 2024
  - Modified: May. 28, 2025
- 6.1 MEDIUM CVE-2024-2119
  The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for u...
  - Affected Products: luckywp_table_of_contents
  - Published: May. 22, 2024
  - Modified: May. 28, 2025
- 5.5 MEDIUM CVE-2024-2953
  The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
  - Affected Products: luckywp_table_of_contents
  - Published: May. 22, 2024
  - Modified: May. 28, 2025