Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-20328

    A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit ... Read more

    Affected Products : clamav
    • Published: Mar. 01, 2024
    • Modified: Jul. 23, 2025

  • 6.7

    MEDIUM
    CVE-2025-20308

    A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the ex... Read more

    Affected Products : dna_spaces\ spaces_connector
    • Published: Jul. 02, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2024-7401

    Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use ... Read more

    Affected Products : netskope
    • Published: Aug. 26, 2024
    • Modified: Jul. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-41663

    For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would n... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-41661

    An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-3549

    A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. T... Read more

    Affected Products : assimp
    • Published: Apr. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-3548

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to... Read more

    Affected Products : assimp
    • Published: Apr. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-3196

    A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. Th... Read more

    Affected Products : assimp
    • Published: Apr. 04, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-11014

    Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the manage... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Jul. 23, 2025

  • 7.2

    HIGH
    CVE-2024-11013

    Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be ... Read more

    Affected Products :
    • Published: Nov. 29, 2024
    • Modified: Jul. 23, 2025

  • 9.3

    CRITICAL
    CVE-2025-2775

    SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.... Read more

    Affected Products : sysaid
    • Actively Exploited
    • Published: May. 07, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-2776

    SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.... Read more

    Affected Products : sysaid
    • Actively Exploited
    • Published: May. 07, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: XML External Entity

  • 8.8

    HIGH
    CVE-2025-6558

    Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Actively Exploited
    • Published: Jul. 15, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-32919

    In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025

  • 7.4

    HIGH
    CVE-2024-32921

    In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025

  • 7.4

    HIGH
    CVE-2024-32922

    In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025

  • 4.0

    MEDIUM
    CVE-2024-32923

    there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2024-32924

    In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025

  • 8.8

    HIGH
    CVE-2024-32925

    In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025

  • 5.5

    MEDIUM
    CVE-2024-32926

    there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jun. 13, 2024
    • Modified: Jul. 22, 2025
Showing 20 of 292802 Results