Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2025-20912

    Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.4

    MEDIUM
    CVE-2025-20911

    Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2025-20910

    Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-20909

    Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-20908

    Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Cryptography

  • 7.3

    HIGH
    CVE-2025-20903

    Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : android
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-1979

    Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could pote... Read more

    Affected Products : ray
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-24864

    Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem... Read more

    Affected Products :
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-22447

    Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSyste... Read more

    Affected Products :
    • Published: Mar. 06, 2025
    • Modified: Mar. 06, 2025

  • 4.3

    MEDIUM
    CVE-2025-27625

    In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, b... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-27624

    A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-27623

    Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets.... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-27622

    Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets.... Read more

    Affected Products : jenkins
    • Published: Mar. 05, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-27508

    Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, ... Read more

    Affected Products : emissary
    • Published: Mar. 05, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2025-27516

    Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulne... Read more

    Affected Products : jinja
    • Published: Mar. 05, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-25634

    A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 05, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25632

    Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Mar. 05, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25362

    A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field.... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2024-57174

    A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP ... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-27517

    Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0.... Read more

    Affected Products : livewire
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
Showing 20 of 292838 Results