Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2024-10604

    Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances... Read more

    Affected Products : fuchsia
    • Published: Jan. 30, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2024-10603

    Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.... Read more

    Affected Products : gvisor
    • Published: Jan. 30, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2024-10026

    A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.... Read more

    Affected Products : gvisor
    • Published: Jan. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cryptography

  • 8.9

    HIGH
    CVE-2025-24507

    This vulnerability allows appliance compromise at boot time.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-24506

    A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-24505

    This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-24504

    An improper input validation the CSRF filter results in unsanitized user input written to the application logs.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.3

    CRITICAL
    CVE-2025-24503

    A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-24502

    An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-24501

    An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-24500

    The vulnerability allows an unauthenticated attacker to access information in PAM database.... Read more

    • Published: Jan. 30, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-0683

    In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device ... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cryptography

  • 6.9

    MEDIUM
    CVE-2025-0681

    The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-0680

    Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-0626

    The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The ... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-44142

    The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.... Read more

    Affected Products : garageband
    • Published: Jan. 30, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-12248

    Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0874

    A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unknown functionality of the file /admin/approve.php. The manipulation of the argument id leads to ... Read more

    Affected Products : simple_car_rental_system
    • Published: Jan. 30, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-0498

    A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a to... Read more

    Affected Products : factorytalk_assetcentre
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-0497

    A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCl... Read more

    Affected Products : factorytalk_assetcentre
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291219 Results