Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-24505

    This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-24504

    An improper input validation the CSRF filter results in unsanitized user input written to the application logs.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.3

    CRITICAL
    CVE-2025-24503

    A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-24502

    An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-24501

    An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.... Read more

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-24500

    The vulnerability allows an unauthenticated attacker to access information in PAM database.... Read more

    • Published: Jan. 30, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-0683

    In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device ... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cryptography

  • 6.9

    MEDIUM
    CVE-2025-0681

    The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-0680

    Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-0626

    The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The ... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2024-44142

    The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.... Read more

    Affected Products : garageband
    • Published: Jan. 30, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-12248

    Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0874

    A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unknown functionality of the file /admin/approve.php. The manipulation of the argument id leads to ... Read more

    Affected Products : simple_car_rental_system
    • Published: Jan. 30, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-0498

    A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a to... Read more

    Affected Products : factorytalk_assetcentre
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-0497

    A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCl... Read more

    Affected Products : factorytalk_assetcentre
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-0477

    An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other us... Read more

    Affected Products : factorytalk_assetcentre
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Cryptography

  • 8.5

    HIGH
    CVE-2023-29080

    Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting few binaries to a predefined writable folder during instal... Read more

    Affected Products : installshield
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-24099

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.... Read more

    Affected Products : macos
    • Published: Jan. 30, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0873

    A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipulation of the argument id/address/fullname/phonenumber/em... Read more

    Affected Products : tailoring_management_system
    • Published: Jan. 30, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-0367

    In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack.... Read more

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291274 Results