Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2024-58045

    Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Race Condition

  • 8.4

    HIGH
    CVE-2024-58044

    Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-58043

    Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2024-48248

    NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials).... Read more

    Affected Products : backup_\&_replication_director
    • Actively Exploited
    • Published: Mar. 04, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-0360

    During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-0359

    During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS ... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-47262

    Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or service... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2024-47260

    51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory.  Axis has re... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2024-47259

    Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with t... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-13685

    The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE... Read more

    Affected Products : admin_and_site_enhancements
    • Published: Mar. 04, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-1906

    A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The ... Read more

    Affected Products : restaurant_table_booking_system
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-1905

    A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possib... Read more

    • Published: Mar. 04, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1904

    A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. The manipulation of the argument Availibility leads to cross site ... Read more

    Affected Products : blood_bank_system
    • Published: Mar. 04, 2025
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2025-1307

    The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated a... Read more

    Affected Products : newscrunch
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-1306

    The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possib... Read more

    Affected Products : newscrunch
    • Published: Mar. 04, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2025-24309

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24301

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-23420

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-23418

    in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-23414

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.... Read more

    Affected Products : openharmony
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292522 Results