Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-53530

    WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confir... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-22281

    ** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project i... Read more

    Affected Products : helix
    • Published: Aug. 20, 2024
    • Modified: Jul. 10, 2025

  • 4.3

    MEDIUM
    CVE-2024-47554

    Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 ... Read more

    • Published: Oct. 03, 2024
    • Modified: Jul. 10, 2025

  • 9.2

    CRITICAL
    CVE-2024-47561

    Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.... Read more

    • Published: Oct. 03, 2024
    • Modified: Jul. 10, 2025

  • 7.7

    HIGH
    CVE-2024-25661

    In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the de... Read more

    • Published: Oct. 01, 2024
    • Modified: Jul. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-25658

    Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and passwords in cleartext.... Read more

    • Published: Oct. 01, 2024
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2024-33369

    Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask... Read more

    Affected Products : rpshare
    • Published: Sep. 27, 2024
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2024-33368

    An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen... Read more

    Affected Products : rpshare
    • Published: Sep. 27, 2024
    • Modified: Jul. 10, 2025

  • 8.7

    HIGH
    CVE-2025-53531

    WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed t... Read more

    Affected Products : wegia
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2018-9379

    In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2018-9382

    In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. U... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 4.4

    MEDIUM
    CVE-2018-9383

    In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2018-9384

    In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2018-9434

    In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2018-9447

    In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2018-9387

    In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2018-9401

    In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2018-9405

    In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2018-9461

    In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2018-9464

    In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization
Showing 20 of 291401 Results