Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-5956

    The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-suppl... Read more

    Affected Products : wp_human_resource_management
    • Published: Jul. 04, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-49828

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions w... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 8.4

    HIGH
    CVE-2025-48071

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompres... Read more

    Affected Products : openexr
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-48074

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to e... Read more

    Affected Products : openexr
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-51473

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 4.6

    MEDIUM
    CVE-2025-48073

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is pos... Read more

    Affected Products : openexr
    • Published: Jul. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-20210

    A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentica... Read more

    Affected Products : dna_center catalyst_center
    • Published: May. 07, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-54223

    InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a mal... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54221

    InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54220

    InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54219

    InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54218

    InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025

  • 8.8

    HIGH
    CVE-2025-5061

    The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated atta... Read more

    Affected Products : wp_import_export_lite
    • Published: Aug. 05, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-54217

    InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54216

    InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54215

    InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open... Read more

    Affected Products : macos windows incopy
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-54253

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-54645

    Out-of-bounds array access issue due to insufficient data verification in the location service module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-54646

    Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance.... Read more

    Affected Products : emui harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-54647

    Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291293 Results