Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-1054

    The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions u... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-0926

    Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for th... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1021

    Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : diskstation_manager
    • Published: Apr. 23, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-26159

    Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-31327

    SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and avai... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2023-51306

    PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, title" parameters.... Read more

    Affected Products : event_ticketing_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-20039

    In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Iss... Read more

    Affected Products : lr13 nr15 nr16 nr17 lr12a mt2735 mt6779 mt6781 mt6783 mt6785 +70 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2024-20040

    In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08... Read more

    Affected Products : android linux_kernel openwrt yocto rdk-b mt6781 mt6789 mt6833 mt6853 mt6853t +47 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 4.4

    MEDIUM
    CVE-2024-20041

    In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID: ALPS08... Read more

    Affected Products : android mt6781 mt6789 mt6835 mt6855 mt6879 mt6886 mt6895 mt6985 mt6989 +6 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.6

    MEDIUM
    CVE-2024-20042

    In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +33 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.6

    MEDIUM
    CVE-2024-20043

    In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +33 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.6

    MEDIUM
    CVE-2024-20044

    In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 mt6893 +33 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 2.3

    LOW
    CVE-2024-20045

    In audio, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS080247... Read more

    Affected Products : android mt6833 mt6835 mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 mt6879 +24 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.6

    MEDIUM
    CVE-2024-20046

    In battery, there is a possible escalation of privilege due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08485622; Issue ID... Read more

    Affected Products : android mt6789 mt6833 mt6855 mt6895 mt8791t mt8797 mt6761 mt6765 mt6768 +12 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-20047

    In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID: ALPS... Read more

    Affected Products : android mt6781 mt6833 mt6853 mt6877 mt6883 mt6885 mt6893 mt8791 mt8797 +9 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.2

    MEDIUM
    CVE-2024-20048

    In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541769; Issue ID:... Read more

    Affected Products : android mt6781 mt6789 mt6835 mt6855 mt6879 mt6886 mt6895 mt6985 mt6989 +29 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 4.4

    MEDIUM
    CVE-2024-20049

    In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID:... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6879 mt6880 +37 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 4.4

    MEDIUM
    CVE-2024-20050

    In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6879 mt6880 +37 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 2.3

    LOW
    CVE-2024-20051

    In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6879 mt6880 +37 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025

  • 4.4

    MEDIUM
    CVE-2024-20052

    In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID:... Read more

    Affected Products : android openwrt yocto rdk-b mt6781 mt6789 mt6835 mt6855 mt6879 mt6880 +37 more products
    • Published: Apr. 01, 2024
    • Modified: Apr. 23, 2025
Showing 20 of 293620 Results