Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2018-9387

    In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2018-9401

    In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2018-9405

    In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2018-9461

    In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2018-9464

    In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2017-13317

    In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2017-13318

    In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitati... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2018-9373

    In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2018-9378

    In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-52919

    In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2025-52918

    Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-52917

    The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-39332

    Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.... Read more

    Affected Products : webswing
    • Published: Oct. 31, 2024
    • Modified: Jul. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-44081

    In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.... Read more

    Affected Products : jitsi_meet
    • Published: Oct. 29, 2024
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2024-44080

    In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format... Read more

    Affected Products : meet jitsi_meet
    • Published: Oct. 29, 2024
    • Modified: Jul. 10, 2025

  • 5.9

    MEDIUM
    CVE-2024-50383

    Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). An addition can be skipped if a carry is not set. This was observed for GCC... Read more

    Affected Products : botan
    • Published: Oct. 23, 2024
    • Modified: Jul. 10, 2025

  • 5.9

    MEDIUM
    CVE-2024-50382

    Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.... Read more

    Affected Products : botan
    • Published: Oct. 23, 2024
    • Modified: Jul. 10, 2025

  • 7.8

    HIGH
    CVE-2024-29821

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.... Read more

    Affected Products : desktop_\&_server_management
    • Published: Oct. 18, 2024
    • Modified: Jul. 10, 2025

  • 2.2

    LOW
    CVE-2025-52916

    Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).... Read more

    Affected Products :
    • Published: Jun. 21, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-29213

    Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector.... Read more

    Affected Products : desktop_\&_server_management
    • Published: Oct. 18, 2024
    • Modified: Jul. 10, 2025
Showing 20 of 291520 Results