Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2021-34999

    OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability ... Read more

    Affected Products : openbsd openbsd
    • Published: May. 07, 2024
    • Modified: Aug. 14, 2025

  • 3.3

    LOW
    CVE-2021-35000

    OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability ... Read more

    Affected Products : openbsd
    • Published: May. 07, 2024
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2022-0369

    Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Alt... Read more

    Affected Products : scada_data_gateway
    • Published: May. 07, 2024
    • Modified: Aug. 14, 2025

  • 7.5

    HIGH
    CVE-2023-27321

    OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authenti... Read more

    • Published: May. 07, 2024
    • Modified: Aug. 14, 2025

  • 7.8

    HIGH
    CVE-2025-49560

    Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more

    Affected Products : substance_3d_viewer
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49569

    Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : substance_3d_viewer
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49561

    Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a... Read more

    Affected Products : macos windows animate
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-49562

    Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more

    Affected Products : macos windows animate
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49570

    Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vict... Read more

    Affected Products : macos windows photoshop
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-54205

    Substance3D - Sampler versions 5.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more

    Affected Products : substance_3d_sampler
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-55170

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA appli... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-55171

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (withou... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-54222

    Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54229

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : windows framemaker
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025

  • 7.8

    HIGH
    CVE-2025-5481

    Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to expl... Read more

    Affected Products : dicom_viewer_pro
    • Published: Jun. 06, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-55169

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-55168

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_ficha... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-36000

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30907

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3.... Read more

    Affected Products : secupress
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2024-22349

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.... Read more

    Affected Products : urbancode_velocity devops_velocity
    • Published: Jan. 20, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291385 Results