Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-26431

    In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-43316

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26, visionOS 26. A malicious app may be able to gain root privileges.... Read more

    Affected Products : macos visionos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-8006

    Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit th... Read more

    Affected Products : cobalt
    • Published: Sep. 17, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-22422

    In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additio... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-26439

    In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no ad... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-43286

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-54259

    Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : substance_3d_modeler
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43204

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Sep. 15, 2025
    • Modified: Sep. 17, 2025

  • 7.8

    HIGH
    CVE-2025-9491

    Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerab... Read more

    Affected Products : windows windows_11_23h2
    • Published: Aug. 26, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-22437

    In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int... Read more

    Affected Products : android
    • Published: Sep. 02, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-8354

    A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the curren... Read more

    Affected Products : revit
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7990

    Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit ... Read more

    Affected Products : cobalt
    • Published: Sep. 17, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-48563

    In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-48552

    In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interac... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-58432

    ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are p... Read more

    Affected Products : zimaos zimaos
    • Published: Sep. 17, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-48546

    In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48553

    In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n... Read more

    Affected Products : android
    • Published: Sep. 04, 2025
    • Modified: Sep. 08, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-7999

    Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this v... Read more

    Affected Products : cobalt
    • Published: Sep. 17, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54894

    Local Security Authority Subsystem Service Elevation of Privilege Vulnerability... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025

  • 7.8

    HIGH
    CVE-2025-27077

    Memory corruption while processing message in guest VM.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4391 Results