Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-44336

    An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.9

    HIGH
    CVE-2024-33469

    An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 13, 2025

  • 6.0

    MEDIUM
    CVE-2023-31352

    A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2023-31343

    Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2023-31342

    Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2022-37660

    In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, will be able to subvert a future bootstrapping by passiv... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-1240

    WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that th... Read more

    Affected Products : winzip
    • Published: Feb. 11, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2024-57777

    Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-57241

    Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.... Read more

    Affected Products : dedecms
    • Published: Feb. 11, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-55212

    DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 3.8

    LOW
    CVE-2024-51324

    An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 0.0

    NONE
    CVE-2024-32037

    GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a securit... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Information Disclosure

  • 3.0

    LOW
    CVE-2023-31331

    Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2023-20582

    Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2023-20581

    Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2023-20515

    Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-3180

    The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.... Read more

    Affected Products : wpgateway
    • Published: Feb. 11, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2024-21925

    Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2024-21924

    SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2024-0179

    SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization
Showing 20 of 291712 Results