Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-55171

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (withou... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-54222

    Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows substance_3d_stager
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54229

    Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : windows framemaker
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025

  • 7.8

    HIGH
    CVE-2025-5481

    Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to expl... Read more

    Affected Products : dicom_viewer_pro
    • Published: Jun. 06, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-55169

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-55168

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_ficha... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-36000

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-30907

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3.... Read more

    Affected Products : secupress
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2024-22349

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.... Read more

    Affected Products : urbancode_velocity devops_velocity
    • Published: Jan. 20, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-36124

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-49568

    Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-49567

    Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in servi... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-49564

    Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49563

    Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-32766

    A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands... Read more

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-22347

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : urbancode_velocity devops_velocity
    • Published: Jan. 20, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2025-27759

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated priv... Read more

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-25248

    An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versi... Read more

    Affected Products : fortios fortiproxy fortipam
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-49758

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49759

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection
Showing 20 of 291401 Results