Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2023-37535

    Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 3.2

    LOW
    CVE-2023-37517

    Missing "no cache" headers in HCL Leap permits sensitive data to be cached.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2022-42450

    Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-4139

    A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor w... Read more

    Affected Products : ex6120_firmware ex6120
    • Published: Apr. 30, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-30422

    A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-24132

    The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.... Read more

    • Published: Apr. 30, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2022-42449

    Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2022-27562

    Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-4136

    A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack re... Read more

    Affected Products : wetong_mall
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-2082

    Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The... Read more

    Affected Products : model_3_firmware model_3
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-27611

    base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. T... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2024-6032

    Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the targ... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-6031

    Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on th... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2024-6030

    Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on th... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2024-6029

    Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnera... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2024-13943

    Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    CRITICAL
    CVE-2025-46558

    XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particul... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-46557

    XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space (by default, anyone) can acces... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-46554

    XWiki is a generic wiki platform. In versions starting from 1.8.1 to before 14.10.22, from 15.0-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.7.0, anyone can access the metadata of any attachment in the wiki... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-46331

    OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when certa... Read more

    Affected Products : openfga
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authorization
Showing 20 of 293639 Results