Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-27570

    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Mar. 01, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-27572

    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Mar. 01, 2024
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2024-27571

    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Mar. 01, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-27569

    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Mar. 01, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-27568

    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Mar. 01, 2024
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2024-27567

    LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.... Read more

    • Published: Mar. 01, 2024
    • Modified: Apr. 30, 2025

  • 7.1

    HIGH
    CVE-2020-27792

    A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead t... Read more

    • EPSS Score: %0.03
    • Published: Aug. 19, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2025-0395

    When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page siz... Read more

    Affected Products : glibc
    • Published: Jan. 22, 2025
    • Modified: Apr. 30, 2025

  • 4.9

    MEDIUM
    CVE-2025-2559

    A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefini... Read more

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Mar. 25, 2025
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2025-0671

    The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5856

    Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5855

    Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5854

    Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5852

    Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2023-5849

    Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %0.56
    • Published: Nov. 01, 2023
    • Modified: Apr. 29, 2025

  • 6.7

    MEDIUM
    CVE-2023-32834

    In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS081617... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +38 more products
    • EPSS Score: %0.01
    • Published: Nov. 06, 2023
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-44007

    An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Ses... Read more

    Affected Products : backclick
    • EPSS Score: %0.12
    • Published: Nov. 16, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-42732

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible... Read more

    • EPSS Score: %0.22
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-42533

    In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-42246

    Doufox 0.0.4 contains a CSRF vulnerability that can add system administrator account.... Read more

    Affected Products : duofox_cms
    • EPSS Score: %0.08
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 291158 Results