Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2024-49846

    Memory corruption while decoding of OTA messages from T3448 IE.

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-49847

    Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE.

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-21460

    Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously.

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-21462

    Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit.

    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-22886

    In OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory.

    Affected Products : openharmony
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-25052

    In OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.

    Affected Products : openharmony
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-25218

    In OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

    Affected Products : openharmony
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-25062

    An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

    Affected Products : libxml2
    • EPSS Score: %0.15
    • Published: Feb. 04, 2024
    • Modified: May. 09, 2025
  • 7.5

    HIGH
    CVE-2024-24265

    gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.

    Affected Products : gpac
    • EPSS Score: %0.17
    • Published: Feb. 05, 2024
    • Modified: May. 09, 2025
  • 6.1

    MEDIUM
    CVE-2024-24160

    MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.

    Affected Products : mrcms
    • EPSS Score: %0.11
    • Published: Feb. 02, 2024
    • Modified: May. 09, 2025
  • 7.8

    HIGH
    CVE-2024-21111

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...

    Affected Products : vm_virtualbox windows
    • Published: Apr. 16, 2024
    • Modified: May. 09, 2025
  • 6.4

    MEDIUM
    CVE-2024-13860

    The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible fo...

    Affected Products : buddyboss_platform
    • Published: May. 02, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2024-13859

    The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bp_nouveau_ajax_media_save’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it p...

    Affected Products : buddyboss_platform
    • Published: May. 02, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.5

    MEDIUM
    CVE-2022-33180

    A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”.

    Affected Products : fabric_operating_system
    • EPSS Score: %0.06
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 8.8

    HIGH
    CVE-2022-33179

    A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.

    Affected Products : fabric_operating_system
    • EPSS Score: %0.04
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 6.7

    MEDIUM
    CVE-2024-20012

    In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ...

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +41 more products
    • EPSS Score: %0.02
    • Published: Feb. 05, 2024
    • Modified: May. 09, 2025
  • 6.1

    MEDIUM
    CVE-2022-31468

    OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.

    Affected Products : ox_app_suite
    • EPSS Score: %0.15
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 6.5

    MEDIUM
    CVE-2022-28170

    Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.

    Affected Products : fabric_operating_system
    • EPSS Score: %0.06
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 8.8

    HIGH
    CVE-2022-28169

    Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By e...

    Affected Products : fabric_operating_system
    • EPSS Score: %0.16
    • Published: Oct. 25, 2022
    • Modified: May. 09, 2025
  • 6.1

    MEDIUM
    CVE-2024-0239

    The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.

    Affected Products : contact_form_7_connector
    • EPSS Score: %0.26
    • Published: Jan. 16, 2024
    • Modified: May. 09, 2025
Showing 20 of 291712 Results