Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2018-9372

    In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Jul. 03, 2025

  • 7.8

    HIGH
    CVE-2018-9409

    In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Jul. 03, 2025

  • 7.8

    HIGH
    CVE-2018-9375

    In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-26631

    Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : visual_studio_code
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025

  • 7.2

    HIGH
    CVE-2025-24053

    Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : dataverse
    • Published: Mar. 13, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-29807

    Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.... Read more

    Affected Products : dataverse
    • Published: Mar. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-29814

    Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : partner_center
    • Published: Mar. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-26683

    Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_playwright
    • Published: Mar. 31, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-27591

    A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks ... Read more

    Affected Products : below
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-24045

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-25659

    In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory.... Read more

    • Published: Oct. 01, 2024
    • Modified: Jul. 03, 2025

  • 9.0

    CRITICAL
    CVE-2024-25660

    The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges.... Read more

    • Published: Oct. 01, 2024
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-33210

    A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.... Read more

    Affected Products : flatpress
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025

  • 4.8

    MEDIUM
    CVE-2024-45960

    Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.... Read more

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025

  • 4.8

    MEDIUM
    CVE-2024-45964

    Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.... Read more

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2025-24043

    Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.... Read more

    Affected Products : windbg
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2023-4358

    Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Aug. 15, 2023
    • Modified: Jul. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-4104

    An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerabi... Read more

    Affected Products : vpn
    • Published: Sep. 11, 2023
    • Modified: Jul. 03, 2025

  • 8.8

    HIGH
    CVE-2023-40072

    OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.... Read more

    • Published: Aug. 18, 2023
    • Modified: Jul. 03, 2025

  • 5.3

    MEDIUM
    CVE-2023-32003

    `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. T... Read more

    Affected Products : fedora node.js
    • Published: Aug. 15, 2023
    • Modified: Jul. 03, 2025
Showing 20 of 293685 Results