Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2017-13317

    In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2017-13318

    In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitati... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2018-9373

    In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2018-9378

    In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-52919

    In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2025-52918

    Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-52917

    The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-39332

    Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.... Read more

    Affected Products : webswing
    • Published: Oct. 31, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-44081

    In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.... Read more

    Affected Products : jitsi_meet
    • Published: Oct. 29, 2024
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2024-44080

    In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format... Read more

    Affected Products : meet jitsi_meet
    • Published: Oct. 29, 2024
    • Modified: Jul. 10, 2025

  • 5.9

    MEDIUM
    CVE-2024-50383

    Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC... Read more

    Affected Products : botan
    • Published: Oct. 23, 2024
    • Modified: Jul. 10, 2025

  • 5.9

    MEDIUM
    CVE-2024-50382

    Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.... Read more

    Affected Products : botan
    • Published: Oct. 23, 2024
    • Modified: Jul. 10, 2025

  • 7.8

    HIGH
    CVE-2024-29821

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.... Read more

    Affected Products : desktop_\&_server_management
    • Published: Oct. 18, 2024
    • Modified: Jul. 10, 2025

  • 2.2

    LOW
    CVE-2025-52916

    Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-29213

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.... Read more

    Affected Products : desktop_\&_server_management
    • Published: Oct. 18, 2024
    • Modified: Jul. 10, 2025

  • 5.7

    MEDIUM
    CVE-2024-27766

    An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.... Read more

    Affected Products : mariadb
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025

  • 5.9

    MEDIUM
    CVE-2024-46544

    Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomca... Read more

    Affected Products : debian_linux tomcat_connectors
    • Published: Sep. 23, 2024
    • Modified: Jul. 10, 2025

  • 5.6

    MEDIUM
    CVE-2023-39593

    Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.... Read more

    Affected Products : mariadb
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2023-26785

    MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.... Read more

    Affected Products : mariadb
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-48036

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Blocks – Gutenberg based Page Builder allows Stored XSS.This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a thro... Read more

    Affected Products : skt_blocks
    • Published: Oct. 17, 2024
    • Modified: Jul. 10, 2025
Showing 20 of 291401 Results