Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2025-20960

    Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-20961

    Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-20962

    Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-20963

    Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-20964

    Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: May. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-44848

    TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca600-poe_firmware ca600-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44860

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44861

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-44862

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44863

    TOTOLINK CA300-POE V6.2c.884_B20180522 was found to contain a command injection vulnerability in the msg_process function via the Url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : ca300-poe_firmware ca300-poe
    • Published: May. 01, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 3.7

    LOW
    CVE-2024-21094

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracl... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 3.7

    LOW
    CVE-2024-21012

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JD... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 3.7

    LOW
    CVE-2024-21085

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2025-30723

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HT... Read more

    Affected Products : bi_publisher
    • Published: Apr. 15, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-26998

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through ... Read more

    Affected Products : skt_blocks
    • Published: Apr. 15, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-21007

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : weblogic_server
    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2024-21117

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more

    Affected Products : outside_in_technology
    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2024-21120

    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to t... Read more

    Affected Products : outside_in_technology
    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2024-21067

    Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logo... Read more

    Affected Products : enterprise_manager_base_platform
    • Published: Apr. 16, 2024
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-4864

    A vulnerability has been found in itsourcecode Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/finished.php. The manipulation of the argument ID leads to sql injection. The attack can... Read more

    Affected Products : restaurant_management_system
    • Published: May. 18, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
Showing 20 of 292803 Results