Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    CRITICAL
    CVE-2019-6538

    The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Ev...

    • Published: Mar. 25, 2019
    • Modified: May. 22, 2025
  • 7.5

    HIGH
    CVE-2025-25500

    An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthoriz...

    Affected Products : cosmwasm
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-30113

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings t...

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2025-30114

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofin...

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-30115

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing una...

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-30116

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Addi...

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication
  • 7.3

    HIGH
    CVE-2025-30117

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain s...

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2025-27558

    IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames tow...

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Denial of Service
  • 9.1

    CRITICAL
    CVE-2024-23687

    Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

    Affected Products : mod-data-export-spring
    • Published: Jan. 19, 2024
    • Modified: May. 22, 2025
  • 4.3

    MEDIUM
    CVE-2023-50777

    Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

    Affected Products : paaslane_estimate
    • Published: Dec. 13, 2023
    • Modified: May. 22, 2025
  • 8.8

    HIGH
    CVE-2023-50768

    A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing c...

    Affected Products : nexus_platform
    • Published: Dec. 13, 2023
    • Modified: May. 22, 2025
  • 5.4

    MEDIUM
    CVE-2023-47325

    Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.

    Affected Products : silverpeas
    • Published: Dec. 13, 2023
    • Modified: May. 22, 2025
  • 8.1

    HIGH
    CVE-2023-47320

    Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application u...

    Affected Products : silverpeas
    • Published: Dec. 13, 2023
    • Modified: May. 22, 2025
  • 4.7

    MEDIUM
    CVE-2023-45864

    A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas.

    • Published: Dec. 13, 2023
    • Modified: May. 22, 2025
  • 7.5

    HIGH
    • Published: Dec. 12, 2023
    • Modified: May. 22, 2025
  • 5.4

    MEDIUM
    CVE-2022-40358

    An issue was discovered in AjaXplorer 4.2.3 that allows attackers to cause cross-site scripting vulnerabilities via a crafted SVG file upload.

    Affected Products : ajaxplorer
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 7.5

    HIGH
    CVE-2022-40105

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 7.5

    HIGH
    CVE-2022-40104

    Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 6.4

    MEDIUM
    CVE-2022-35721

    IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
  • 5.4

    MEDIUM
    CVE-2022-35251

    A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content o...

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025