Latest CVE Feed
- CVE-2024-56951 (6.5 MEDIUM)
  An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link....
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-56950 (6.5 MEDIUM)
  An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link....
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-56949 (6.5 MEDIUM)
  An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link....
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-56948 (6.5 MEDIUM)
  An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link....
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-56947 (6.5 MEDIUM)
  An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link....
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Information Disclosure
- CVE-2025-24368 (7.5 HIGH)
  Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter() function from lib/api_automation.ph...
  - Affected Products: cacti
  - Published: Jan. 27, 2025
  - Modified: Apr. 18, 2025
  - Vuln Type: Injection
- CVE-2025-24367 (8.8 HIGH)
  Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution ...
  - Affected Products: cacti
  - Published: Jan. 27, 2025
  - Modified: Apr. 18, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-24365 (8.1 HIGH)
  vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. An attacker can obtain owner rights of another organization. The attacker should know the ID of the victim organization (in real case the user can be a part of the ...
  - Affected Products: vaultwarden
  - Published: Jan. 27, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Authorization
- CVE-2025-24364 (7.2 HIGH)
  vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. An attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some setti...
  - Affected Products: vaultwarden
  - Published: Jan. 27, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Authentication
- CVE-2025-24357 (8.8 HIGH)
  vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter de...
  - Affected Products: vllm
  - Published: Jan. 27, 2025
  - Modified: Jun. 27, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-24356 (6.9 MEDIUM)
  fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by...
  - Affected Products: fastd
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Denial of Service
- CVE-2025-24354 (5.3 MEDIUM)
  imgproxy is a server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3....
  - Affected Products: imgproxy
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Server-Side Request Forgery
- CVE-2025-23197 (6.5 MEDIUM)
  matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Servi...
  - Affected Products: hookshot
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Denial of Service
- CVE-2025-0733 (4.5 MEDIUM)
  A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The comple...
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Misconfiguration
- CVE-2025-0732 (4.5 MEDIUM)
  A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs t...
  - Affected Products: discord
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-26317 (6.1 MEDIUM)
  In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker c...
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 28, 2025
  - Vuln Type: Cryptography
- CVE-2024-12740 (7.8 HIGH)
  Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a spec...
  - Affected Products:
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Supply Chain
- CVE-2025-22604 (9.1 CRITICAL)
  Cacti is an open source performance and fault management framework. Due to a flaw in the multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part ...
  - Affected Products: cacti
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Injection
- CVE-2025-0730 (6.3 MEDIUM)
  A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument use...
  - Published: Jan. 27, 2025
  - Modified: Jul. 16, 2025
  - Vuln Type: Authentication
- CVE-2025-0729 (6.9 MEDIUM)
  A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to versio...
  - Affected Products: tl-sg108e_firmware
  - Published: Jan. 27, 2025
  - Modified: Jan. 27, 2025
  - Vuln Type: Misconfiguration