Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 8.4

    HIGH
    CVE-2025-0286

    Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the vi...

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-0285

    Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation e...

    • Published: Mar. 03, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 10.0

    CRITICAL
    CVE-2025-48827

    vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in M...

    Affected Products : vbulletin
    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization
  • 5.5

    MEDIUM
    CVE-2025-24814

    Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authenti...

    Affected Products : solr
    • Published: Jan. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2025-48828

    Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, atta...

    Affected Products : vbulletin
    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-22377

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists i...

    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2024-49197

    An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access.

    • Published: May. 27, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-4493

    Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions :  * Devolutions Ser...

    Affected Products : devolutions_server
    • Published: May. 28, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-29632

    Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components...

    Affected Products : free5gc
    • Published: May. 29, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2024-12224

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to a...

    Affected Products : idna
    • Published: May. 30, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure
  • 4.8

    MEDIUM
    CVE-2025-4415

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS). This issue affects Piwik PRO: from 0.0.0 before 1.3.2.

    Affected Products : piwik_pro
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2024-54252

    Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6.

    Affected Products : pinpoint_booking_system
    • Published: Dec. 13, 2024
    • Modified: Jun. 25, 2025
  • 8.1

    HIGH
    CVE-2023-4761

    Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Sep. 05, 2023
    • Modified: Jun. 25, 2025
  • 6.5

    MEDIUM
    CVE-2025-26784

    An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-...

    • Published: May. 14, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-26785

    An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-...

    • Published: May. 14, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-47701

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery. This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.

    Affected Products : restrict_route_by_ip
    • Published: May. 14, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.7

    MEDIUM
    CVE-2024-20132

    In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue...

    Affected Products : nr16 mt6879 mt6886 mt6895 mt6895t mt6896 mt6980 mt6980d mt6985 mt6989 +8 more products
    • Published: Dec. 02, 2024
    • Modified: Jun. 25, 2025
  • 7.5

    HIGH
    CVE-2025-4416

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation. This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2.

    Affected Products : events_log_track
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2019-16536

    Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.

    Affected Products : clickhouse
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2024-57096

    An issue in WPS Office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.

    Affected Products : wps_office
    • Published: May. 14, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293647 Results