Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2023-40132

    In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2023-40108

    In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not nee... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2024-40677

    In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2024-40676

    In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. ... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-40675

    In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2024-40674

    In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-49749

    In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-49748

    In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-49747

    In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-49745

    In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2023-28457

    An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-28456

    An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-28455

    An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS.... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-28451

    An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit wo... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-51316

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e... Read more

    Affected Products : bus_reservation_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-28242

    Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-28238

    Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-28237

    An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2022-46122

    Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=.... Read more

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-46121

    Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.... Read more

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293508 Results