Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-9017

    The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.8

    LOW
    CVE-2025-0885

    Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects GroupWise versio... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-1711

    Multiple services of the DUT as well as different scopes of the same service reuse the same credentials.... Read more

    Affected Products :
    • Published: Jul. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-24333

    Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service proc... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 4.2

    MEDIUM
    CVE-2025-24328

    Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025

  • 7.1

    HIGH
    CVE-2025-24332

    Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband s... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 2.0

    LOW
    CVE-2025-24335

    Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit h... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-27024

    Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target ma... Read more

    Affected Products :
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-26630

    Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2025-24997

    Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-53076

    Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.... Read more

    Affected Products : rlottie
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-53074

    Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers.This issue affects rLottie: V0.2.... Read more

    Affected Products : rlottie
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21180

    Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24067

    Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24061

    Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2018-9372

    In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Jul. 03, 2025

  • 7.8

    HIGH
    CVE-2018-9409

    In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Jul. 03, 2025

  • 7.8

    HIGH
    CVE-2018-9375

    In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-26631

    Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : visual_studio_code
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025

  • 7.2

    HIGH
    CVE-2025-24053

    Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : dataverse
    • Published: Mar. 13, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
Showing 20 of 293641 Results