Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-26785

    An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-... Read more

    • Published: May. 14, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-47701

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.... Read more

    Affected Products : restrict_route_by_ip
    • Published: May. 14, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.7

    MEDIUM
    CVE-2024-20132

    In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue... Read more

    Affected Products : nr16 mt6879 mt6886 mt6895 mt6895t mt6896 mt6980 mt6980d mt6985 mt6989 +8 more products
    • Published: Dec. 02, 2024
    • Modified: Jun. 25, 2025

  • 7.5

    HIGH
    CVE-2025-4416

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2.... Read more

    Affected Products : events_log_track
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2019-16536

    Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.... Read more

    Affected Products : clickhouse
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-57096

    An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file.... Read more

    Affected Products : wps_office
    • Published: May. 14, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-42922

    AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.... Read more

    Affected Products : aapanel
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-48174

    There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.... Read more

    Affected Products : busybox
    • Published: Aug. 22, 2023
    • Modified: Jun. 25, 2025

  • 4.3

    MEDIUM
    CVE-2023-40611

    Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, ... Read more

    Affected Products : airflow
    • Published: Sep. 12, 2023
    • Modified: Jun. 25, 2025

  • 7.5

    HIGH
    CVE-2023-40440

    This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.... Read more

    Affected Products : macos
    • Published: Sep. 12, 2023
    • Modified: Jun. 25, 2025

  • 5.5

    MEDIUM
    CVE-2024-56428

    The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client.... Read more

    Affected Products : ilabclient
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-25539

    Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-45754

    A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name.... Read more

    Affected Products : seeddms
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-47032

    Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2023-47295

    A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-47031

    An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-50348

    PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php.... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-26512

    CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq mess... Read more

    • Published: Jul. 17, 2023
    • Modified: Jun. 25, 2025

  • 7.5

    HIGH
    CVE-2025-50349

    PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php.... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2023-47030

    An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.... Read more

    Affected Products : terminal_handler
    • Published: Jun. 23, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication
Showing 20 of 293673 Results