Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-27913

    Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.... Read more

    Affected Products : passbolt_api
    • Published: Mar. 10, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2022-48610

    This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2022-43454

    A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-27616

    Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of... Read more

    Affected Products : server
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-27615

    umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configurat... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-27136

    LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document ... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: XML External Entity

  • 7.0

    HIGH
    CVE-2025-26696

    Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.... Read more

    Affected Products : thunderbird
    • Published: Mar. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-26695

    When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.... Read more

    Affected Products : thunderbird
    • Published: Mar. 10, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-25306

    Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the `id` and `url` fields of ActivityPub objects. An attacker can forge an object where they claim authority in the... Read more

    Affected Products : misskey
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-22603

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery (SSRF) vulnerability ins... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.1

    MEDIUM
    CVE-2024-56188

    there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Denial of Service

  • 6.6

    MEDIUM
    CVE-2024-56187

    In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2024-56186

    In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2024-56185

    In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction i... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2024-56184

    In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio... Read more

    Affected Products : android
    • Published: Mar. 10, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54560

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization

  • 2.8

    LOW
    CVE-2024-54558

    A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Mar. 10, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-54546

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : macos
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-54473

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-54469

    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Mar. 10, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292774 Results