Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-38317

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands....

    Affected Products : opennds
    • Published: Jan. 26, 2024
    • Modified: Jun. 03, 2025
  • 9.1

    CRITICAL
    CVE-2022-39008

    The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps....

    Affected Products : emui harmonyos
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-39007

    The location module has a vulnerability of bypassing permission verification. Successful exploitation of this vulnerability may cause privilege escalation....

    Affected Products : emui harmonyos
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2022-39001

    The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure....

    Affected Products : emui harmonyos magic_ui
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-38887

    The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0....

    Affected Products : d8s-python
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025
  • 7.2

    HIGH
    CVE-2022-38878

    School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=....

    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 7.2

    HIGH
    CVE-2022-38877

    Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1....

    Affected Products : garage_management_system
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2022-37250

    Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount....

    Affected Products : craft_cms
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 4.3

    MEDIUM
    CVE-2022-2913

    The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen....

    Affected Products : login_no_captcha_recaptcha
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 4.3

    MEDIUM
    CVE-2022-2912

    The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF)....

    Affected Products : craw-data
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 5.3

    MEDIUM
    CVE-2024-55069

    ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c....

    Affected Products : ffmpeg
    • Published: May. 02, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-31578

    FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function....

    Affected Products : fedora ffmpeg
    • Published: Apr. 17, 2024
    • Modified: Jun. 03, 2025
  • 6.2

    MEDIUM
    CVE-2024-36617

    FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder....

    Affected Products : ffmpeg
    • Published: Nov. 29, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2025-1594

    A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It i...

    Affected Products : ffmpeg
    • Published: Feb. 23, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-1373

    A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local acce...

    Affected Products : ffmpeg
    • Published: Feb. 17, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2024-7055

    A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attac...

    Affected Products : ffmpeg
    • Published: Aug. 06, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2024-34256

    OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function....

    Affected Products : ofcms
    • Published: May. 14, 2024
    • Modified: Jun. 03, 2025
  • 6.7

    MEDIUM
    CVE-2024-31952

    An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an admini...

    Affected Products : macos magician
    • Published: May. 14, 2024
    • Modified: Jun. 03, 2025
  • 6.3

    MEDIUM
    CVE-2024-36071

    Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path....

    Affected Products : windows magician
    • Published: Jun. 20, 2024
    • Modified: Jun. 03, 2025
  • 6.7

    MEDIUM
    CVE-2024-31953

    An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker ...

    Affected Products : macos magician
    • Published: May. 14, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 293288 Results