Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-8901

    Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-8882

    Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-8880

    Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Race Condition
  • 6.5

    MEDIUM
    CVE-2025-8881

    Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure
  • 5.4

    MEDIUM
    CVE-2025-2895

    IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser w...

    Affected Products : cloud_pak_system
    • Published: Jun. 30, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-8879

    Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)

    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-54238

    Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    Affected Products : macos windows dimension
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-54233

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

    Affected Products : windows framemaker
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-54232

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus...

    Affected Products : windows framemaker
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-54231

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus...

    Affected Products : windows framemaker
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-54230

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus...

    Affected Products : windows framemaker
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2023-45584

    A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and befo...

    Affected Products : fortios fortiproxy fortipam
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 7.0

    HIGH
    CVE-2025-1351

    IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.

    Affected Products : storage_virtualize
    • Published: Jul. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Race Condition
  • 6.3

    MEDIUM
    CVE-2025-54090

    A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

    Affected Products : http_server
    • Published: Jul. 23, 2025
    • Modified: Aug. 14, 2025
  • 4.7

    MEDIUM
    CVE-2025-8114

    A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause th...

    Affected Products : libssh
    • Published: Jul. 24, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-5449

    A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocatio...

    Affected Products : libssh
    • Published: Jul. 25, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
  • 6.1

    MEDIUM
    CVE-2025-50690

    A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the se...

    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.1

    CRITICAL
    CVE-2025-50251

    Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.

    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Server-Side Request Forgery
  • 6.5

    MEDIUM
    CVE-2018-13440

    The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

    • EPSS Score: 11.51%
    • Published: Jul. 08, 2018
    • Modified: Aug. 13, 2025
  • 8.8

    HIGH
    CVE-2015-7747

    Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstr...

    • EPSS Score: 40.01%
    • Published: Feb. 19, 2020
    • Modified: Aug. 13, 2025
Showing 20 of 291358 Results