Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.4

HIGH

CVE-2025-54910

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.8

HIGH

CVE-2025-54908

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps powerpoint office_long_term_servicing_channel office_2024 office_2021 office_2019 powerpoint_2016
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.8

HIGH

CVE-2025-54907

Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_2024 office_2021 office_2019
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.1

HIGH

CVE-2025-54905

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally....

Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.8

HIGH

CVE-2025-54904

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
9.8

CRITICAL

CVE-2025-26062

An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings....

Affected Products : rx_1500_firmware rx_1500 rx_3000_firmware rx_3000
Published: Jul. 31, 2025

Modified: Sep. 12, 2025

Vuln Type: Information Disclosure
7.8

HIGH

CVE-2025-54903

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.8

HIGH

CVE-2025-54900

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.8

HIGH

CVE-2025-54906

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 office_2016 sharepoint_server_2019 office_2024 +2 more products
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
6.5

MEDIUM

CVE-2025-47997

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network....

Affected Products : sql_server_2016 sql_server_2017 sql_server_2019 sql_server_2022
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.0

HIGH

CVE-2025-45768

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for optin...

Affected Products : pyjwt
Published: Jul. 31, 2025

Modified: Sep. 12, 2025

Vuln Type: Cryptography
7.8

HIGH

CVE-2025-54896

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
8.8

HIGH

CVE-2025-54897

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

Affected Products : sharepoint_server sharepoint_server_2016 sharepoint_server_2019
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.8

HIGH

CVE-2025-54898

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
7.8

HIGH

CVE-2025-54899

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019
Published: Sep. 09, 2025

Modified: Sep. 12, 2025
6.1

MEDIUM

CVE-2025-54789

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the cont...

Affected Products : files
Published: Aug. 02, 2025

Modified: Sep. 12, 2025

Vuln Type: Cross-Site Scripting
9.2

CRITICAL

CVE-2025-54790

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is ...

Affected Products : files
Published: Aug. 02, 2025

Modified: Sep. 12, 2025

Vuln Type: Injection
7.8

HIGH

CVE-2025-58322

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks....

Affected Products : windows mybox mybox
Published: Aug. 28, 2025

Modified: Sep. 12, 2025

Vuln Type: Authorization
8.8

HIGH

CVE-2025-9580

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be la...

Affected Products : bl-x26_firmware bl-x26 bl-x26_firmware bl-x26
Published: Aug. 28, 2025

Modified: Sep. 12, 2025

Vuln Type: Injection
8.0

HIGH

CVE-2025-57579

An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password...

Affected Products :
Published: Sep. 12, 2025

Modified: Sep. 12, 2025

Vuln Type: Authentication

Showing 20 of 293588 Results

1
2
3
4
5
...
14680

Browse by Apps

Latest CVE Feed

8.4

7.8

7.8

7.1

7.8

9.8

7.8

7.8

7.8

6.5

7.0

7.8

8.8

7.8

7.8

6.1

9.2

7.8

8.8

8.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable