Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-26695

    When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.... Read more

    Affected Products : thunderbird
    • Published: Mar. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-25306

    Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim authority in the... Read more

    Affected Products : misskey
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-22603

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability ins... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.1

    MEDIUM
    CVE-2024-56188

    there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Denial of Service

  • 6.6

    MEDIUM
    CVE-2024-56187

    In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2024-56186

    In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2024-56185

    In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction i... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2024-56184

    In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54560

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization

  • 2.8

    LOW
    CVE-2024-54558

    A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-54546

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : macos
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-54473

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54469

    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-54467

    A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.... Read more

    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54463

    This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent.... Read more

    Affected Products : macos
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-44227

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-44192

    The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025

  • 2.4

    LOW
    CVE-2024-44179

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the ... Read more

    Affected Products : macos iphone_os ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-1296

    Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and No... Read more

    Affected Products : nomad
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-55199

    A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the ... Read more

    Affected Products : celk_saude
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292767 Results