Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-31345

    Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.0

    MEDIUM
    CVE-2023-20508

    Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization

  • 5.6

    MEDIUM
    CVE-2020-3432

    A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of di... Read more

    • Published: Feb. 12, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-25203

    CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` due to insufficient input validation on the `priority` f... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2024-54916

    An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the checkPasscode method.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-54772

    An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempt... Read more

    Affected Products : routeros
    • Published: Feb. 11, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-44336

    An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.9

    HIGH
    CVE-2024-33469

    An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 13, 2025

  • 6.0

    MEDIUM
    CVE-2023-31352

    A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2023-31343

    Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2023-31342

    Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2022-37660

    In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passiv... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-1240

    WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that th... Read more

    Affected Products : winzip
    • Published: Feb. 11, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2024-57777

    Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-57241

    Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.... Read more

    Affected Products : dedecms
    • Published: Feb. 11, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-55212

    DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-51324

    An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 0.0

    NONE
    CVE-2024-32037

    GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a securit... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Information Disclosure

  • 3.0

    LOW
    CVE-2023-31331

    Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2023-20582

    Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291638 Results