Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-22920

    A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-22919

    A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2024-57259

    sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2024-57258

    Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 2.0

    LOW
    CVE-2024-57257

    A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2024-57256

    An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2024-57255

    An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2024-57254

    An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.... Read more

    Affected Products : u-boot
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-13743

    The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products : wonder_video_embed
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-25896

    A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.0

    HIGH
    CVE-2025-25895

    An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-25894

    An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 8.0

    HIGH
    CVE-2025-25893

    An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted ... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-25892

    A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-25891

    A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destination, netmask and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    Affected Products : dsl-3782_firmware dsl-3782
    • Published: Feb. 18, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25469

    FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-25468

    FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/mem.c.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25467

    Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-22921

    FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a segmentation violation via the component /libavcodec/jpeg2000dec.c.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-56171

    libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity cons... Read more

    Affected Products : libxml2
    • Published: Feb. 18, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291750 Results