Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-0147

    Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access....

    • Published: Jan. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-0146

    Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access....

    • Published: Jan. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-0145

    Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access....

    • Published: Jan. 30, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-0144

    Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access....

    • Published: Jan. 30, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-0143

    Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access....

    • Published: Jan. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 4.3

    MEDIUM
    CVE-2025-0142

    Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access....

    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure
  • 6.9

    MEDIUM
    CVE-2024-10604

    Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...

    Affected Products : fuchsia
    • Published: Jan. 30, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cryptography
  • 6.3

    MEDIUM
    CVE-2024-10603

    Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances....

    Affected Products : gvisor
    • Published: Jan. 30, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration
  • 6.3

    MEDIUM
    CVE-2024-10026

    A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances....

    Affected Products : gvisor
    • Published: Jan. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cryptography
  • 8.9

    HIGH
    CVE-2025-24507

    This vulnerability allows appliance compromise at boot time....

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-24506

    A specific authentication strategy makes it possible to learn the IDs of PAM users associated with certain authentication types....

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-24505

    This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file....

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-24504

    Improper input validation in the CSRF filter results in unsanitized user input being written to the application logs....

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.3

    CRITICAL
    CVE-2025-24503

    A malicious actor can fix the session of a PAM user by tricking the user into clicking on a specially crafted link to the PAM server....

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-24502

    An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address....

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-24501

    An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request....

    • Published: Jan. 30, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Misconfiguration
  • 8.7

    HIGH
    CVE-2025-24500

    The vulnerability allows an unauthenticated attacker to access information in the PAM database....

    • Published: Jan. 30, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Information Disclosure
  • 8.2

    HIGH
    CVE-2025-0683

    In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device ...

    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cryptography
  • 6.9

    MEDIUM
    CVE-2025-0681

    The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications....

    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-0680

    Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud....

    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Authorization
Showing 20 of 291384 Results