Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2025-53814

A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability....

Affected Products :
Published: Oct. 28, 2025

Modified: Nov. 03, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-50175

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.8

HIGH

CVE-2025-53150

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +2 more products
Published: Oct. 14, 2025

Modified: Oct. 20, 2025
7.8

HIGH

CVE-2025-47360

Memory corruption while processing client message during device management....

Affected Products :
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-62801

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the server_name field of an MCP execute arbitrary OS commands on Windows hosts that run fastmc...

Affected Products : fastmcp
Published: Oct. 28, 2025

Modified: Nov. 04, 2025

Vuln Type: Injection
7.8

HIGH

CVE-2025-58720

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products
Published: Oct. 14, 2025

Modified: Oct. 14, 2025
7.8

HIGH

CVE-2025-9871

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low...

Affected Products :
Published: Oct. 29, 2025

Modified: Oct. 30, 2025

Vuln Type: Path Traversal
7.8

HIGH

CVE-2025-61156

Incorrect access control in the kernel driver of ThreatFire System Monitor v4.7.0.53 allows attackers to escalate privileges and execute arbitrary commands via an insecure IOCTL....

Affected Products :
Published: Oct. 29, 2025

Modified: Oct. 30, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-20735

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435349; ...

Affected Products :
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-53768

Use after free in Xbox allows an authorized attacker to elevate privileges locally....

Affected Products : windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_11_24h2 windows_11_25h2
Published: Oct. 14, 2025

Modified: Oct. 20, 2025
7.8

HIGH

CVE-2025-58728

Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 14, 2025
7.8

HIGH

CVE-2025-55697

Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_server_2025
Published: Oct. 14, 2025

Modified: Oct. 30, 2025
7.8

HIGH

CVE-2025-55694

Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 30, 2025
7.8

HIGH

CVE-2025-59255

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +2 more products
Published: Oct. 14, 2025

Modified: Oct. 17, 2025
7.8

HIGH

CVE-2025-58724

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally....

Affected Products : azure_connected_machine_agent arc_enabled_servers_azure_connected_machine_agent
Published: Oct. 14, 2025

Modified: Oct. 20, 2025
7.8

HIGH

CVE-2025-59281

Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally....

Affected Products : xbox_gaming_services
Published: Oct. 14, 2025

Modified: Oct. 17, 2025
7.8

HIGH

CVE-2025-59227

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.8

HIGH

CVE-2025-58722

Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 +3 more products
Published: Oct. 14, 2025

Modified: Oct. 14, 2025
7.8

HIGH

CVE-2025-43474

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause unexpected system termination or read kernel memory....

Affected Products : macos
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-47353

Memory corruption while processing request sent from GVM....

Affected Products :
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Memory Corruption

Showing 20 of 3905 Results

Browse by Apps

Latest CVE Feed

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable