Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2024-37600

    An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit bas... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2024-12054

    ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot fr... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Authentication

  • 3.3

    LOW
    CVE-2023-34406

    An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With pr... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2023-34404

    Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered servic... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2023-34403

    Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof “UserData” with desirable file path and acces... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Race Condition

  • 7.7

    HIGH
    CVE-2023-34402

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2023-34401

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-o... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-26473

    The Mojave Inverter uses the GET method for sensitive information.... Read more

    • Published: Feb. 13, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-25281

    An attacker may modify the URL to discover sensitive information about the target network.... Read more

    • Published: Feb. 13, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-25195

    Zulip is an open source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all ... Read more

    Affected Products : zulip zulip_server
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-25067

    mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.... Read more

    Affected Products : mypro
    • Published: Feb. 13, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-24865

    The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.... Read more

    Affected Products : mypro
    • Published: Feb. 13, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-24861

    An attacker may inject commands via specially-crafted post requests.... Read more

    • Published: Feb. 13, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-24836

    With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient read... Read more

    Affected Products : qardio
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-23421

    An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.... Read more

    Affected Products : qardio
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-23411

    mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website.... Read more

    Affected Products : mypro
    • Published: Feb. 13, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.2

    CRITICAL
    CVE-2025-22896

    mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.... Read more

    Affected Products : mypro
    • Published: Feb. 13, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Cryptography

  • 6.6

    MEDIUM
    CVE-2025-20615

    The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering bac... Read more

    Affected Products : qardio
    • Published: Feb. 13, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-1283

    The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.... Read more

    • Published: Feb. 13, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2024-57378

    Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to se... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authorization
Showing 20 of 291741 Results