Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2025-59226

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps office_long_term_servicing_channel office_2024 office_2021
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.8

HIGH

CVE-2025-59227

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58736

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58735

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58734

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58733

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58732

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58731

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58730

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58738

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-58737

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2012_r2 windows_server_2025
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.1

HIGH

CVE-2025-61543

A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent via email. An attacker can manipulate the Host header to send m...

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 16, 2025

Vuln Type: Injection
7.1

HIGH

CVE-2025-21066

Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory....

Affected Products : notes
Published: Oct. 10, 2025

Modified: Oct. 16, 2025

Vuln Type: Memory Corruption
7.1

HIGH

CVE-2025-21067

Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory....

Affected Products : notes
Published: Oct. 10, 2025

Modified: Oct. 16, 2025

Vuln Type: Memory Corruption
7.1

HIGH

CVE-2025-21068

Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory....

Affected Products : notes
Published: Oct. 10, 2025

Modified: Oct. 16, 2025

Vuln Type: Memory Corruption
7.1

HIGH

CVE-2025-21069

Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory....

Affected Products : notes
Published: Oct. 10, 2025

Modified: Oct. 16, 2025

Vuln Type: Memory Corruption
5.5

MEDIUM

CVE-2025-21070

Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory....

Affected Products : notes
Published: Oct. 10, 2025

Modified: Oct. 16, 2025

Vuln Type: Memory Corruption
9.8

CRITICAL

CVE-2025-11656

A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unre...

Affected Products : school_management_system
Published: Oct. 13, 2025

Modified: Oct. 16, 2025

Vuln Type: Misconfiguration
9.8

CRITICAL

CVE-2025-11657

A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads t...

Affected Products : school_management_system
Published: Oct. 13, 2025

Modified: Oct. 16, 2025

Vuln Type: Misconfiguration
9.8

CRITICAL

CVE-2025-11658

A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestric...

Affected Products : school_management_system
Published: Oct. 13, 2025

Modified: Oct. 16, 2025

Vuln Type: Misconfiguration

Showing 20 of 3900 Results

Browse by Apps

Latest CVE Feed

7.8

7.8

7.0

7.0

7.0

7.0

7.0

7.0

7.0

7.0

7.0

7.1

7.1

7.1

7.1

7.1

5.5

9.8

9.8

9.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable