Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2018-9378

    In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2018-9373

    In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2017-13318

    In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitati... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2017-13317

    In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android
    • Published: Jan. 28, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-24800

    Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers.... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-23385

    In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possibl... Read more

    Affected Products : rider resharper dottrace
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-23213

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is... Read more

    Affected Products : recipes
    • Published: Jan. 28, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-23212

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28.... Read more

    Affected Products : recipes
    • Published: Jan. 28, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 9.9

    CRITICAL
    CVE-2025-23211

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability... Read more

    Affected Products : recipes
    • Published: Jan. 28, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-23045

    Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vuln... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-0659

    A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. ... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-0432

    EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Cryptography

  • 5.1

    MEDIUM
    CVE-2024-7881

    An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2024-6351

    A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2024-11956

    A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the a... Read more

    Affected Products : pimcore
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2024-11954

    A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. ... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-0065

    Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025

  • 4.3

    MEDIUM
    CVE-2025-0754

    The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payl... Read more

    Affected Products :
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-0752

    A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.... Read more

    Affected Products : openshift_service_mesh
    • Published: Jan. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 6.6

    MEDIUM
    CVE-2025-0750

    A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denia... Read more

    Affected Products : openshift_container_platform
    • Published: Jan. 28, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291222 Results