Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-53726

    Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53725

    Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53724

    Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-35995

    When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-36525

    When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-2766

    70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. T... Read more

    Affected Products : a510_firmware a510
    • Published: Jun. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-3485

    Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The s... Read more

    Affected Products : allegra
    • Published: Jun. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-5473

    GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the targ... Read more

    Affected Products : gimp
    • Published: Jun. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-5474

    2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to exec... Read more

    Affected Products : syncbackfree
    • Published: Jun. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-5480

    Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged ... Read more

    Affected Products : action1
    • Published: Jun. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-6216

    Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. T... Read more

    Affected Products : allegra
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-2771

    BEC Technologies Multiple Routers Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of BEC Technologies routers. Authentication is not required to exploit this vulnerability.... Read more

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-3910

    A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.... Read more

    Affected Products : keycloak build_of_keycloak
    • Published: Apr. 29, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 3.8

    LOW
    CVE-2025-6217

    PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtai... Read more

    Affected Products : device_driver
    • Published: Jun. 21, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-6442

    Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP p... Read more

    Affected Products : webrick
    • Published: Jun. 25, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-6443

    Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.... Read more

    Affected Products : routeros
    • Published: Jun. 25, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-20696

    In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android openwrt yocto rdk-b zephyr mt6781 mt6789 mt6813 mt6833 mt6835 +27 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20697

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID... Read more

    Affected Products : android mt6853 mt6855 mt6877 mt6878 mt6879 mt6883 mt6885 mt6889 mt6893 +19 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20698

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID... Read more

    Affected Products : android mt6781 mt6789 mt6833 mt6835 mt6853 mt6855 mt6877 mt6878 mt6879 +30 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53738

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291784 Results