Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-27242

    in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.... Read more

    Affected Products : openharmony
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-27163

    Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as... Read more

    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-27176

    InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a deni... Read more

    Affected Products : macos windows indesign
    • Published: Mar. 11, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-27072

    Information disclosure while processing a packet at EAVB BE side with invalid header length.... Read more

    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-27136

    LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document ... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: XML External Entity

  • 5.5

    MEDIUM
    CVE-2025-26693

    in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.... Read more

    Affected Products : openharmony
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-26358

    A CWE-20 "Improper Input Validation" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests.... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-26348

    A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute ... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-26269

    DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.... Read more

    Affected Products : dragonfly
    • Published: Apr. 17, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-26346

    A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to exe... Read more

    Affected Products : maxtime
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-25946

    An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially c... Read more

    Affected Products : bento4
    • Published: Feb. 19, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-25740

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.... Read more

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-25331

    An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link.... Read more

    Affected Products :
    • Published: Feb. 27, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-25212

    in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.... Read more

    Affected Products : openharmony
    • Published: Aug. 11, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-25041

    A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition a... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-25217

    in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.... Read more

    Affected Products : openharmony
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-24992

    Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025

  • 5.5

    MEDIUM
    CVE-2025-25052

    in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.... Read more

    Affected Products : openharmony
    • Published: May. 06, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2023-4569

    A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.... Read more

    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2025-24448

    Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i... Read more

    Affected Products : macos windows illustrator
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293589 Results