Latest Cybersecurity Vulnerabilities - Real-Time Updates
Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities.
This page lists the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
including risk scores, affected vendors, and mitigation insights.
Keeping track of emerging threats helps security professionals protect their systems.
Latest 30 CVEs - Real-Time Cyber Threats
Cyber threats are constantly evolving, making real-time vulnerability tracking essential.
Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
providing key details such as affected vendors, impact levels, and risk scores.
Each CVE entry includes a brief summary and a direct link to its full details,
enabling cybersecurity professionals, system administrators, and developers to quickly assess
and mitigate potential security risks.
-
CVE-2025-9840 Critical Risk Assessment
A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Score: 6.3/10
🔥 High Risk
Published on 02 Sep 2025, 23:15 UTC (only 3 hours ago)
-
CVE-2025-9839 Exploitable Vulnerability Warning
A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in SQL injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Score: 7.3/10
🔥 Very High Risk
Published on 02 Sep 2025, 23:15 UTC (only 3 hours ago)
-
CVE-2025-9838 Critical Security Advisory
A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Score: 7.3/10
🔥 Very High Risk
Published on 02 Sep 2025, 23:15 UTC (only 3 hours ago)
-
CVE-2025-26416 Technical Report
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22442 Technical Report
In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22439 Security Notice
In onLastAccessedStackLoaded of ActionHandler.java, there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22438 Security Notice
In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22437 Security Notice
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22435 Technical Report
In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22434 Security Notice
In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22433 Vulnerability Insight
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22431 Security Notice
In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22430 Vulnerability Insight
In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22429 Technical Report
In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22428 Security Notice
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22427 Security Notice
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22423 Security Notice
In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22422 Vulnerability Insight
In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22421 Technical Report
In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
-
CVE-2025-22419 Technical Report
In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
⏳ Analysis in Progress
02 Sep 2025, 23:15 UTC (3 hours ago)
What are CVEs?
A CVE (Common Vulnerabilities and Exposures) entry is a publicly disclosed cybersecurity flaw
that can be exploited by attackers to compromise software, systems, or networks.
The CVE system is maintained by the CVE Program
and provides a unique identifier for each vulnerability.
CVEs are assigned a severity score using the Common Vulnerability Scoring System (CVSS),
which helps security teams prioritize their response to threats.
Why Is Tracking CVEs Important?
Keeping track of the latest CVEs is crucial for organizations and IT security professionals.
Cybercriminals frequently exploit unpatched vulnerabilities to launch ransomware attacks, data breaches, and system takeovers.
By staying updated with the latest threats, companies can apply security patches,
adjust firewall rules, and implement security policies to minimize risks.