Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2024-22004

    Due to length check, an attacker with privileged access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application ...

    • Published: Apr. 05, 2024
    • Modified: Jul. 24, 2025
  • 10.0

    CRITICAL
    CVE-2024-47038

    In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025
  • 10.0

    CRITICAL
    CVE-2024-47039

    In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploi...

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025
  • 10.0

    CRITICAL
    CVE-2024-47040

    There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025
  • 10.0

    HIGH
    CVE-2010-0425

    modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAP...

    • Published: Mar. 05, 2010
    • Modified: Jul. 24, 2025
  • 7.5

    HIGH
    CVE-2025-47422

    Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and e...

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration
  • 9.3

    HIGH
    CVE-2019-11687

    An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable ...

    Affected Products : dicom_standard
    • Published: May. 02, 2019
    • Modified: Jul. 24, 2025
  • 7.8

    HIGH
    CVE-2024-45328

    An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low privileged administrator to execute elevated CLI commands via the GUI console menu.

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2024-25178

    LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.

    Affected Products : luajit
    • Published: Jul. 07, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-25177

    LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

    Affected Products : luajit
    • Published: Jul. 07, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2024-25176

    LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

    Affected Products : luajit
    • Published: Jul. 07, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption
  • 5.3

    MEDIUM
    CVE-2024-12718

    Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted ta...

    Affected Products : python
    • Published: Jun. 03, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Path Traversal
  • 4.3

    MEDIUM
    CVE-2024-32915

    In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not n...

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 24, 2025
  • 5.9

    MEDIUM
    CVE-2024-32916

    In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 24, 2025
  • 7.1

    HIGH
    CVE-2024-32917

    In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl...

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 24, 2025
  • 5.3

    MEDIUM
    CVE-2024-22013

    U-Boot environment is read from unauthenticated partition.

    • Published: Sep. 16, 2024
    • Modified: Jul. 24, 2025
  • 9.8

    CRITICAL
    CVE-2024-44097

    According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to int...

    • Published: Oct. 02, 2024
    • Modified: Jul. 24, 2025
  • 5.5

    MEDIUM
    CVE-2024-32914

    In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 24, 2025
  • 10.0

    CRITICAL
    • Published: Apr. 05, 2024
    • Modified: Jul. 24, 2025
  • 7.4

    HIGH
    CVE-2024-44098

    In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex...

    Affected Products : android
    • Published: Oct. 25, 2024
    • Modified: Jul. 24, 2025
Showing 20 of 292826 Results