Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2023-42126

    G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the abili... Read more

    Affected Products : total_security
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.0

    HIGH
    CVE-2023-42128

    Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this ... Read more

    Affected Products : axiom
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 6.5

    MEDIUM
    CVE-2023-42129

    A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2023-42130

    A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to ex... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2023-42131

    Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vul... Read more

    Affected Products : spaceclaim
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2023-44428

    MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : musescore
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2023-44438

    Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this v... Read more

    Affected Products : argon
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2023-44440

    Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit th... Read more

    Affected Products : lithium
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2023-44439

    Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this v... Read more

    Affected Products : xenon
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 7.5

    HIGH
    CVE-2025-53793

    Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-53788

    Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : windows_subsystem_for_linux
    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Race Condition

  • 8.4

    HIGH
    CVE-2025-53784

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-53779

    Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : windows_server_2025
    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-53765

    Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2024-27273

    IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.... Read more

    Affected Products : aix vios
    • Published: May. 07, 2024
    • Modified: Aug. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-31513

    An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can elevate to administrator privileges via the IsAdminApprover parameter in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by ... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-31512

    An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval via isAddedByApprover in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version eq... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-31511

    An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval by changing the user ID in a Request%20Building%20Access requestSubmit API call. The vendor has stated that the system is protected by updating to a version ... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-8953

    A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The atta... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8956

    A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been... Read more

    Affected Products : dir-818l_firmware dir-818l
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection
Showing 20 of 291736 Results