Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-62417

    Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet wil... Read more

    Affected Products : bagisto
    • Published: Oct. 16, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-46774

    An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related execu... Read more

    Affected Products : forticlient
    • Published: Oct. 14, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2025-54280

    Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_viewer
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53855

    An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-57741

    An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.... Read more

    Affected Products : forticlient
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-61802

    Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54284

    Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must... Read more

    Affected Products : macos windows illustrator
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-61807

    Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54282

    Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ... Read more

    Affected Products : windows framemaker
    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54274

    Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v... Read more

    Affected Products : substance_3d_viewer
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-61799

    Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code... Read more

    Affected Products : macos windows dimension
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-59191

    Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025

  • 7.8

    HIGH
    CVE-2025-59187

    Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 05, 2025

  • 7.8

    HIGH
    CVE-2025-61803

    Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-59494

    Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : azure_monitor_agent
    • Published: Oct. 14, 2025
    • Modified: Oct. 22, 2025

  • 7.8

    HIGH
    CVE-2025-61806

    Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54658

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11... Read more

    Affected Products : macos fortidlp_agent fortidlp
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-62580

    ASDA-Soft Stack-based Buffer Overflow Vulnerability... Read more

    Affected Products : asda_soft
    • Published: Oct. 16, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53951

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and ... Read more

    Affected Products : windows fortidlp_agent fortidlp
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-59234

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 28, 2025
Showing 20 of 3674 Results