Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-21169

    Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : substance_3d_designer
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27175

    InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27171

    InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : macos windows indesign
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27166

    InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24453

    InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : macos windows indesign
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24452

    InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-35362

    Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php.... Read more

    Affected Products : ecshop
    • Published: May. 22, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-20368

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. Thi... Read more

    Affected Products : identity_services_engine
    • Published: Apr. 03, 2024
    • Modified: Apr. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-20532

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-20529

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2024-42021

    An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.... Read more

    Affected Products : one
    • Published: Sep. 07, 2024
    • Modified: Apr. 28, 2025

  • 7.2

    HIGH
    CVE-2024-20528

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super A... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-20527

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-20487

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2024-42022

    An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.... Read more

    Affected Products : one
    • Published: Sep. 07, 2024
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2025-27169

    Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows illustrator
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-24449

    Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i... Read more

    Affected Products : macos windows illustrator
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-24448

    Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i... Read more

    Affected Products : macos windows illustrator
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2024-42023

    An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.... Read more

    Affected Products : one
    • Published: Sep. 07, 2024
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2025-27158

    Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ... Read more

    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291750 Results