Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-43549

    Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43568

    Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43569

    Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43570

    Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must ope... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43548

    Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a m... Read more

    Affected Products : macos windows dimension
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43572

    Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a m... Read more

    Affected Products : macos windows dimension
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2023-27338

    PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit ... Read more

    • Published: May. 03, 2024
    • Modified: May. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-5935

    A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.... Read more

    Affected Products : privategpt privategpt
    • Published: Jun. 27, 2024
    • Modified: May. 19, 2025

  • 8.3

    HIGH
    CVE-2024-5186

    A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and pote... Read more

    Affected Products : privategpt privategpt
    • Published: Jun. 06, 2024
    • Modified: May. 19, 2025

  • 7.8

    HIGH
    CVE-2023-27337

    PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this ... Read more

    • Published: May. 03, 2024
    • Modified: May. 19, 2025

  • 8.8

    HIGH
    CVE-2023-35757

    D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authenticati... Read more

    Affected Products : dap-2622_firmware dap-2622
    • Published: May. 07, 2024
    • Modified: May. 19, 2025

  • 8.8

    HIGH
    CVE-2025-24661

    Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection.This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8.... Read more

    Affected Products : ecab_taxi_booking_manager
    • Published: Feb. 03, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-23167

    A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthor... Read more

    Affected Products : node.js
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2023-35006

    IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products : cpe security_qradar_edr
    • Published: Jul. 10, 2024
    • Modified: May. 19, 2025

  • 5.3

    MEDIUM
    CVE-2023-33860

    IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie w... Read more

    Affected Products : cpe security_qradar_edr
    • Published: Jul. 10, 2024
    • Modified: May. 19, 2025

  • 6.8

    MEDIUM
    CVE-2024-3851

    A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript p... Read more

    Affected Products : privategpt privategpt
    • Published: May. 16, 2024
    • Modified: May. 19, 2025

  • 5.3

    MEDIUM
    CVE-2025-4838

    A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of ... Read more

    Affected Products :
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-47948

    Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special plat... Read more

    Affected Products :
    • Published: May. 17, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Denial of Service

  • 9.4

    CRITICAL
    CVE-2025-47788

    Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server ... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-23166

    The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, ... Read more

    Affected Products : node.js
    • Published: May. 19, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292508 Results