Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-53732

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally....

    Affected Products : office
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
  • 8.4

    HIGH
    CVE-2025-53731

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-53730

    Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally....

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-52877

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 0...

    Affected Products : insydeh2o
    • Published: May. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-52878

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 0...

    Affected Products : insydeh2o
    • Published: May. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-52879

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 0...

    Affected Products : insydeh2o
    • Published: May. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-53778

    Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2025-53773

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally....

    Affected Products : visual_studio_2022
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-3480

    MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentica...

    Affected Products : pacs_server
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-53772

    Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network....

    Affected Products : web_deploy web_deploy_4.0
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-53769

    External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally....

    Affected Products : windows_security_app
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2025-53761

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally....

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.1

    HIGH
    CVE-2025-53760

    Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Server-Side Request Forgery
  • 8.8

    HIGH
    CVE-2025-3486

    Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The spe...

    Affected Products : allegra
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal
  • 8.6

    HIGH
    CVE-2024-20495

    A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in...

    • Published: Oct. 23, 2024
    • Modified: Aug. 15, 2025
  • 7.5

    HIGH
    CVE-2025-3884

    Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulner...

    Affected Products : hue
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-3885

    Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication ...

    Affected Products : harman_mgu21_firmware harman_mgu21
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-8932

    A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated re...

    Affected Products : sales_management_system
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-8770

    An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipu...

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization
  • 8.7

    HIGH
    CVE-2025-7739

    An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label d...

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting