Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2018-9389

    In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2018-9387

    In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Jan. 18, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-23208

    zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing... Read more

    Affected Products : zot
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2018-9447

    In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2018-9434

    In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 4.4

    MEDIUM
    CVE-2018-9384

    In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2018-9383

    In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2018-9382

    In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. U... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2018-9379

    In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2018-9375

    In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2017-13322

    In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User int... Read more

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-23207

    KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generat... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-0541

    A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The attack m... Read more

    • Published: Jan. 17, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 1.8

    LOW
    CVE-2025-23206

    The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprin... Read more

    Affected Products : aws_cloud_development_kit
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-23205

    nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default ... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 10.0

    CRITICAL
    CVE-2025-23202

    Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vu... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Injection

  • 5.2

    MEDIUM
    CVE-2025-23039

    Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execu... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-21606

    stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.H... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-0540

    A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the argument expcat leads to sql injection. The attack can be i... Read more

    Affected Products : tailoring_management_system
    • Published: Jan. 17, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-0538

    A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting.... Read more

    Affected Products : tourism_management_system
    • Published: Jan. 17, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291193 Results