Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    CVSS31
    CVE-2025-21137

    Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : substance_3d_designer
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21133

    Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21134

    Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-0069

    Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this, he could move laterally within the network and further ... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21370

    Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability... Read more

    Affected Products : windows_11_22h2 windows_11_24h2
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21363

    Microsoft Word Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21360

    Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability... Read more

    Affected Products : autoupdate
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21366

    Microsoft Access Remote Code Execution Vulnerability... Read more

    Affected Products : office 365_apps
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21402

    Microsoft Office OneNote Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2024-13171

    Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21345

    Microsoft Office Visio Remote Code Execution Vulnerability... Read more

    Affected Products : office 365_apps
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21315

    Microsoft Brokering File System Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21326

    Internet Explorer Remote Code Execution Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2024-13172

    Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21187

    Microsoft Power Automate Remote Code Execution Vulnerability... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21335

    Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability... Read more

    • Actively Exploited
    • Published: Jan. 14, 2025
    • Modified: Jan. 15, 2025

  • 7.8

    CVSS31
    CVE-2025-21382

    Windows Graphics Component Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2024-13163

    Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2024-13164

    An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : endpoint_manager
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025

  • 7.8

    CVSS31
    CVE-2025-21304

    Microsoft DWM Core Library Elevation of Privilege Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
Showing 20 of 702 Results
© cvefeed.io
Latest DB Update: Jan. 15, 2025 17:46