Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2023-32881

    In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 6.7

    MEDIUM
    CVE-2023-32879

    In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID:... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 5.5

    MEDIUM
    CVE-2023-32831

    In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ... Read more

    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2021-38243

    xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.... Read more

    Affected Products : xunruicms
    • Published: Sep. 27, 2023
    • Modified: Jun. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-5425

    A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor Page. The manipulation leads to improper access controls. It... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5426

    A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5427

    A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin-cp/permalinks of the component Permalinks Page. The manipulation leads to improper access controls... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-5429

    A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be ... Read more

    Affected Products : cms
    • Published: Jun. 02, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2023-0386

    A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid ... Read more

    • Actively Exploited
    • Published: Mar. 22, 2023
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-23692

    Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially craft... Read more

    Affected Products : http_file_server
    • Actively Exploited
    • Published: May. 31, 2024
    • Modified: Jun. 18, 2025

  • 8.1

    HIGH
    CVE-2024-33599

    nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was ... Read more

    • Published: May. 06, 2024
    • Modified: Jun. 18, 2025

  • 5.9

    MEDIUM
    CVE-2024-33600

    nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.... Read more

    • Published: May. 06, 2024
    • Modified: Jun. 18, 2025

  • 7.4

    HIGH
    CVE-2024-33602

    nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when ... Read more

    • Published: May. 06, 2024
    • Modified: Jun. 18, 2025

  • 5.2

    MEDIUM
    CVE-2024-34397

    An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send ... Read more

    Affected Products : fedora debian_linux glib ontap_tools
    • Published: May. 07, 2024
    • Modified: Jun. 18, 2025

  • 9.1

    CRITICAL
    CVE-2024-26517

    SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component.... Read more

    Affected Products : school_task_manager
    • Published: May. 14, 2024
    • Modified: Jun. 18, 2025

  • 8.8

    HIGH
    CVE-2024-34196

    Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overf... Read more

    Affected Products : a3002ru-v3_firmware a3002ru-v3
    • Published: May. 14, 2024
    • Modified: Jun. 18, 2025

  • 5.3

    MEDIUM
    CVE-2025-43699

    Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check.  This impacts OmniStudio: before Spring 2025... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-32106

    In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code.... Read more

    • Published: Jun. 03, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-32105

    A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.... Read more

    Affected Products : img2020_firmware img2020
    • Published: Jun. 03, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-28132

    A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session t... Read more

    • Published: Apr. 01, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication
Showing 20 of 293608 Results