Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-20916

    Out-of-bounds read in reading string of SPen in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-20915

    Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-20914

    Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20913

    Out-of-bounds read in applying binary of drawing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2025-20912

    Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.4

    MEDIUM
    CVE-2025-20911

    Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2025-20910

    Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-20909

    Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-20908

    Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Cryptography

  • 7.3

    HIGH
    CVE-2025-20903

    Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-1979

    Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could pote... Read more

    Affected Products : ray
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-24864

    Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem... Read more

    Affected Products :
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-22447

    Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSyste... Read more

    Affected Products :
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025

  • 4.3

    MEDIUM
    CVE-2025-27625

    In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, b... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-27624

    A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-27623

    Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-27622

    Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-27508

    Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, ... Read more

    Affected Products : emissary
    • Published: Mar. 05, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2025-27516

    Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulne... Read more

    Affected Products : jinja
    • Published: Mar. 05, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-25634

    A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 05, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292522 Results