Latest CVE Feed

The following is a list of the latest published vulnerabilities.
  • 5.7

    MEDIUM
    CVE-2025-50157

    Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2025-53789

    Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-53766

    Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-45662

    IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.

    Affected Products : safer_payments
    • Published: Jan. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-53729

    Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.

    Affected Products : azure_file_sync
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-50171

    Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-22348

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited t...

    Affected Products : urbancode_velocity devops_velocity
    • Published: Jan. 20, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration
  • 8.2

    HIGH
    CVE-2025-4565

    Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This ca...

    Affected Products : protobuf protobuf-python protobuf
    • Published: Jun. 16, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-50165

    Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

    Affected Products : windows_11_24h2 windows_server_2025
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 6.0

    MEDIUM
    CVE-2024-45672

    IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent, which could also cause a denial of service.

    Affected Products : security_verify_bridge
    • Published: Jan. 23, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2023-44441

    GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in tha...

    Affected Products : gimp
    • Published: May. 03, 2024
    • Modified: Aug. 14, 2025
  • 9.0

    HIGH
    CVE-2025-8810

    A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The att...

    Affected Products : ac20_firmware ac20
    • Published: Aug. 10, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 8.6

    HIGH
    CVE-2025-8747

    A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.

    Affected Products : keras
    • Published: Aug. 11, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-51823

    libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length.

    Affected Products : libcsp libcsp
    • Published: Aug. 11, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2016-8596

    Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.

    Affected Products : libcsp libcsp
    • EPSS Score: 3.36%
    • Published: Oct. 28, 2016
    • Modified: Aug. 14, 2025
  • 9.8

    CRITICAL
    CVE-2016-8597

    Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.

    Affected Products : libcsp libcsp
    • EPSS Score: 3.36%
    • Published: Oct. 28, 2016
    • Modified: Aug. 14, 2025
  • 9.8

    CRITICAL
    CVE-2016-8598

    Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.

    Affected Products : libcsp libcsp
    • EPSS Score: 3.36%
    • Published: Oct. 28, 2016
    • Modified: Aug. 14, 2025
  • 6.5

    MEDIUM
    CVE-2025-51824

    libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.

    Affected Products : libcsp libcsp
    • Published: Aug. 11, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2023-44442

    GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in tha...

    Affected Products : gimp
    • Published: May. 03, 2024
    • Modified: Aug. 14, 2025
  • 7.5

    HIGH
    CVE-2025-8355

    In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, which results in a Server-Side Request Forgery (SSRF).

    Affected Products : freeflow_core
    • Published: Aug. 08, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: XML External Entity