Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2022-32612

    In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +23 more products
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-32602

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; I... Read more

    Affected Products : android mt6833 mt6883 mt8675 mt8791 mt8791t mt8797 mt6983 mt8321 mt8765 +7 more products
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-32601

    In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +31 more products
    • EPSS Score: %0.00
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-30515

    ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.... Read more

    Affected Products : biotime
    • EPSS Score: %0.25
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-26446

    In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : lr13 nr15 nr16 lr12a mt2735 mt6779 mt6781 mt6783 mt6785 mt6785t +46 more products
    • EPSS Score: %1.66
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.3

    HIGH
    CVE-2024-29131

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.... Read more

    • Published: Mar. 21, 2024
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-29133

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.... Read more

    Affected Products : fedora commons_configuration
    • Published: Mar. 21, 2024
    • Modified: May. 01, 2025

  • 5.7

    MEDIUM
    CVE-2024-50997

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craft... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 01, 2025

  • 9.0

    CRITICAL
    CVE-2024-42019

    A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.... Read more

    Affected Products : one
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 8.3

    HIGH
    CVE-2024-40714

    An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2024-40713

    A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2024-40712

    A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2025-29041

    An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c... Read more

    • Published: Apr. 17, 2025
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2025-29040

    An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c... Read more

    • Published: Apr. 17, 2025
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2023-5476

    Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %0.58
    • Published: Oct. 11, 2023
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2023-5474

    Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)... Read more

    Affected Products : debian_linux chrome edge_chromium
    • EPSS Score: %0.66
    • Published: Oct. 11, 2023
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-5176

    Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more

    • EPSS Score: %0.59
    • Published: Sep. 27, 2023
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-5172

    A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.... Read more

    Affected Products : firefox
    • EPSS Score: %0.29
    • Published: Sep. 27, 2023
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2023-43261

    An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.... Read more

    • EPSS Score: %93.06
    • Published: Oct. 04, 2023
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44797

    btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.... Read more

    Affected Products : btcd lightning_network_daemon
    • EPSS Score: %0.19
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
Showing 20 of 291150 Results