Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-53737

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53735

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53734

    Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53732

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    Affected Products : office
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-53731

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53730

    Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-52877

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 0... Read more

    Affected Products : insydeh2o
    • Published: May. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-52878

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 0... Read more

    Affected Products : insydeh2o
    • Published: May. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-52879

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 0... Read more

    Affected Products : insydeh2o
    • Published: May. 15, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-53778

    Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-53773

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.... Read more

    Affected Products : visual_studio_2022
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-3480

    MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentica... Read more

    Affected Products : pacs_server
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-53772

    Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.... Read more

    Affected Products : web_deploy web_deploy_4.0
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-53769

    External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.... Read more

    Affected Products : windows_security_app
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-53761

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-53760

    Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-3486

    Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The spe... Read more

    Affected Products : allegra
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2024-20495

    A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-3884

    Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulner... Read more

    Affected Products : hue
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-3885

    Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication ... Read more

    Affected Products : harman_mgu21_firmware harman_mgu21
    • Published: May. 22, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291638 Results