Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.0

    HIGH
    CVE-2025-22442

    In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution...

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Race Condition
  • 7.3

    HIGH
    CVE-2025-22439

    In onLastAccessedStackLoaded of ActionHandler.java, there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. Use...

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-26416

    In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex...

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Memory Corruption
  • 6.0

    MEDIUM
    CVE-2024-50801

    A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter....

    Affected Products : abantecart
    • Published: Oct. 31, 2024
    • Modified: Sep. 04, 2025
  • 6.0

    MEDIUM
    CVE-2024-50802

    A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter....

    Affected Products : abantecart
    • Published: Oct. 31, 2024
    • Modified: Sep. 04, 2025
  • 8.8

    HIGH
    CVE-2024-45171

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out tha...

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 05, 2024
    • Modified: Sep. 04, 2025
  • 6.8

    MEDIUM
    CVE-2024-34885

    Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request....

    Affected Products : bitrix24 bitrix24
    • Published: Nov. 04, 2024
    • Modified: Sep. 04, 2025
  • 8.8

    HIGH
    CVE-2024-45175

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with fil...

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 05, 2024
    • Modified: Sep. 04, 2025
  • 7.2

    HIGH
    CVE-2024-45179

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable t...

    Affected Products : c-mor_video_surveillance
    • Published: Oct. 09, 2024
    • Modified: Sep. 04, 2025
  • 6.8

    MEDIUM
    CVE-2024-34891

    Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request....

    Affected Products : bitrix24 bitrix24
    • Published: Nov. 04, 2024
    • Modified: Sep. 04, 2025
  • 7.5

    HIGH
    CVE-2024-44775

    An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request....

    Affected Products : kmqtt
    • Published: Oct. 15, 2024
    • Modified: Sep. 04, 2025
  • 8.6

    HIGH
    CVE-2024-48208

    pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file....

    Affected Products : pure-ftpd
    • Published: Oct. 24, 2024
    • Modified: Sep. 04, 2025
  • 6.1

    MEDIUM
    CVE-2024-45176

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflect...

    Affected Products : c-mor c-mor_video_surveillance
    • Published: Sep. 05, 2024
    • Modified: Sep. 04, 2025
  • 6.5

    MEDIUM
    CVE-2023-44447

    TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not ...

    Affected Products : tl-wr902ac_firmware tl-wr902ac
    • Published: May. 03, 2024
    • Modified: Sep. 04, 2025
  • 7.8

    HIGH
    CVE-2024-5292

    D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the a...

    Affected Products : network_assistant
    • Published: May. 23, 2024
    • Modified: Sep. 04, 2025
  • 8.8

    HIGH
    CVE-2024-45173

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can exec...

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 05, 2024
    • Modified: Sep. 04, 2025
  • 6.2

    MEDIUM
    CVE-2024-41438

    A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file....

    Affected Products : hicolor
    • Published: Jul. 30, 2024
    • Modified: Sep. 04, 2025
  • 6.2

    MEDIUM
    CVE-2024-41440

    A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file....

    Affected Products : hicolor
    • Published: Jul. 30, 2024
    • Modified: Sep. 04, 2025
  • 8.1

    HIGH
    CVE-2024-45170

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only availab...

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 04, 2024
    • Modified: Sep. 04, 2025
  • 8.1

    HIGH
    CVE-2024-45174

    An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows...

    Affected Products : c-mor_video_surveillance
    • Published: Sep. 04, 2024
    • Modified: Sep. 04, 2025
Showing 20 of 293329 Results