Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2024-5899

    When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls Project... Read more

    • Published: Jun. 18, 2024
    • Modified: Sep. 08, 2025

  • 6.9

    MEDIUM
    CVE-2024-3036

    Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through 6.1.1-2.... Read more

    Affected Products : 800xa_base_system
    • Published: Jun. 21, 2024
    • Modified: Sep. 08, 2025

  • 10.0

    CRITICAL
    CVE-2024-25100

    Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4.... Read more

    Affected Products : coupon_referral_program
    • Published: Feb. 12, 2024
    • Modified: Sep. 08, 2025

  • 3.6

    LOW
    CVE-2025-55188

    7-Zip before 25.01 does not always properly handle symbolic links during extraction.... Read more

    Affected Products : 7-zip
    • Published: Aug. 08, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2024-12564

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can a... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Sep. 08, 2025

  • 8.8

    HIGH
    CVE-2025-3067

    Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity:... Read more

    Affected Products : android chrome edge_chromium
    • Published: Apr. 02, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 3.9

    LOW
    CVE-2025-1939

    Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability aff... Read more

    Affected Products : firefox
    • Published: Mar. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-53149

    Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Sep. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2014-9200

    Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP C... Read more

    Affected Products : somachine unity_pro somove somove_lite
    • Published: Feb. 01, 2015
    • Modified: Sep. 05, 2025

  • 10.0

    HIGH
    CVE-2014-9199

    The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.... Read more

    Affected Products : java_web_client
    • Published: Jan. 17, 2015
    • Modified: Sep. 05, 2025

  • 10.0

    HIGH
    CVE-2014-9198

    The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.... Read more

    • Published: Jan. 27, 2015
    • Modified: Sep. 05, 2025

  • 10.0

    HIGH
    CVE-2014-9197

    The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct r... Read more

    • Published: Jan. 27, 2015
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-53272

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrec... Read more

    Affected Products : habitica
    • Published: Dec. 12, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-53273

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization funct... Read more

    Affected Products : habitica
    • Published: Dec. 12, 2024
    • Modified: Sep. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-53274

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacke... Read more

    Affected Products : habitica
    • Published: Dec. 12, 2024
    • Modified: Sep. 05, 2025

  • 5.5

    MEDIUM
    CVE-2025-26442

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privilege... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-26436

    In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges nee... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-26435

    In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privileg... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-26430

    In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal

  • 9.3

    HIGH
    CVE-2014-9196

    Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN... Read more

    Affected Products : proview
    • Published: Jul. 20, 2015
    • Modified: Sep. 05, 2025
Showing 20 of 293350 Results