Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2025-24826

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625.... Read more

    Affected Products : snap_deploy
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2025-24482

    A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions.... Read more

    Affected Products : factorytalk_view
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-24481

    An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configurat... Read more

    Affected Products : factorytalk_view
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-0784

    A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission ... Read more

    Affected Products : incontrol_web
    • Published: Jan. 28, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cryptography

  • 8.4

    HIGH
    CVE-2024-40677

    In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2024-40676

    In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. ... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-40675

    In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2024-40674

    In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-40673

    In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. Us... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-40672

    In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2024-40670

    In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Race Condition

  • 8.4

    HIGH
    CVE-2024-40669

    In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Race Condition

  • 8.4

    HIGH
    CVE-2024-40651

    In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-40649

    In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-34748

    In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not nee... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-34733

    In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not ne... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2024-34732

    In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for e... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Race Condition

  • 9.3

    CRITICAL
    CVE-2025-24480

    A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user.... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-24479

    A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user.... Read more

    Affected Products : factorytalk_view
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-24478

    A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.... Read more

    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
Showing 20 of 291193 Results