Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-49748

    In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-49747

    In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-49745

    In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 21, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2023-28457

    An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-28456

    An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-28455

    An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS.... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-28451

    An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit wo... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2023-51316

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e... Read more

    Affected Products : bus_reservation_system
    • Published: Feb. 20, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-28242

    Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-28238

    Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-28237

    An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload.... Read more

    Affected Products :
    • Published: Apr. 18, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2022-46122

    Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=.... Read more

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-46121

    Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=.... Read more

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-46120

    Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.... Read more

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-46119

    Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.... Read more

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-46118

    Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=.... Read more

    Affected Products : helmet_store_showroom_site
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-44898

    The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate pri... Read more

    Affected Products : aura_sync
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-44832

    D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.... Read more

    Affected Products : dir-3040_firmware dir-3040
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-42814

    A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-42813

    A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate m... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293644 Results