Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-43077

    In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-43097

    In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-43762

    In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede... Read more

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-43764

    In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 03, 2025
    • Modified: Jul. 03, 2025

  • 9.1

    CRITICAL
    CVE-2022-31631

    In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lea... Read more

    Affected Products : php sqlite
    • Published: Feb. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-1246

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0819

    Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain a... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0073

    Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.Th... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-6424

    A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 24, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-53256

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection.This issue affects YaySMTP: from n/a through 2.6.5.... Read more

    Affected Products : yaysmtp
    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2014-0769

    The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a... Read more

    • Published: Apr. 25, 2014
    • Modified: Jul. 02, 2025

  • 9.3

    HIGH
    CVE-2014-0760

    The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or ca... Read more

    • Published: Apr. 25, 2014
    • Modified: Jul. 02, 2025

  • 10.0

    CRITICAL
    CVE-2012-6069

    The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. ... Read more

    Affected Products : codesys_runtime_system
    • Published: Jan. 21, 2013
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-36621

    moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.... Read more

    Affected Products : moby
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2024-36622

    In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.... Read more

    Affected Products : raspap raspap-webgui
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 8.1

    HIGH
    CVE-2024-36623

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.... Read more

    Affected Products : moby
    • Published: Nov. 29, 2024
    • Modified: Jul. 02, 2025

  • 7.5

    HIGH
    CVE-2024-31669

    rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide.... Read more

    Affected Products : rizin
    • Published: Dec. 02, 2024
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-45206

    A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.... Read more

    Affected Products : veeam_service_provider_console
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 7.0

    HIGH
    CVE-2024-45207

    DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee... Read more

    Affected Products : veeam_agent_for_windows
    • Published: Dec. 04, 2024
    • Modified: Jul. 02, 2025

  • 8.0

    HIGH
    CVE-2024-50699

    TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.... Read more

    Affected Products : tl-wr845n_firmware tl-wr845n
    • Published: Dec. 10, 2024
    • Modified: Jul. 02, 2025
Showing 20 of 293695 Results