Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-24003

    An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these statio... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.2

    MEDIUM
    CVE-2025-24004

    A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the ... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24005

    A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-24006

    A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2024-58114

    Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2020-9250

    There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the servic... Read more

    Affected Products : mate_20_pro_firmware mate_20_pro
    • Published: Dec. 20, 2024
    • Modified: Jul. 11, 2025

  • 4.8

    MEDIUM
    CVE-2025-5125

    The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it.... Read more

    Affected Products : custom_post_carousels_with_owl
    • Published: Jun. 20, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2022-32144

    There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities ... Read more

    Affected Products : cv81-wdm_firmware cv81-wdm
    • Published: Dec. 20, 2024
    • Modified: Jul. 11, 2025

  • 6.1

    MEDIUM
    CVE-2025-48700

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to ... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Jun. 23, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5488

    The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attr... Read more

    Affected Products : wp_masonry_\&_infinite_scroll
    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-48906

    Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-5540

    The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output esca... Read more

    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-48905

    Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-48904

    Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48903

    Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-6693

    A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/devic... Read more

    Affected Products : rt-thread
    • Published: Jun. 26, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.6

    MEDIUM
    CVE-2025-48902

    Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-22249

    VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-48911

    Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-48910

    Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Jun. 06, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291737 Results