Latest CVE Feed
- 8.4 HIGH CVE-2025-4657
A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code....
- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
- 7.4 HIGH CVE-2025-6248
A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content....
- Affected Products: browser
- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Scripting
- 8.4 HIGH CVE-2025-6249
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data....
- Affected Products: filez_client
- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authentication
- 8.8 HIGH CVE-2025-7433
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution....
- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authorization
- 4.7 MEDIUM CVE-2025-23269
NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability ...
- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Information Disclosure
- 5.5 MEDIUM CVE-2025-48188
libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call from fill_buffer (in data/encrypted-file.c) to the Gnulib rijndaelDecrypt function, leading to a heap-based buffer over-read....
- Affected Products: pspp
- Published: May. 16, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
- 8.8 HIGH CVE-2025-7098
A vulnerability, which was classified as critical, was found in Comodo Internet Security Premium 12.3.4.8162. Affected is an unknown function of the component File Name Handler. The manipulation of the argument name/folder leads to path traversal. It is p...
- Affected Products: internet_security
- Published: Jul. 06, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Path Traversal
- 8.1 HIGH CVE-2024-35279
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP...
- Affected Products: fortios
- Published: Feb. 11, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Memory Corruption
- 8.8 HIGH CVE-2024-40591
An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their...
- Affected Products: fortios
- Published: Feb. 11, 2025
- Modified: Jul. 17, 2025
- 5.5 MEDIUM CVE-2025-20896
Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information....
- Affected Products: easysetup
- Published: Feb. 04, 2025
- Modified: Jul. 17, 2025
- 4.6 MEDIUM CVE-2025-20895
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard....
- Affected Products: galaxy_store
- Published: Feb. 04, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authentication
- 6.1 MEDIUM CVE-2024-34831
Cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component....
- Affected Products: gibbon
- Published: Sep. 10, 2024
- Modified: Jul. 17, 2025
- 7.8 HIGH CVE-2024-31890
IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host ope...
- Published: Jun. 21, 2024
- Modified: Jul. 17, 2025
- 7.5 HIGH CVE-2024-3403
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit th...
- Published: May. 16, 2024
- Modified: Jul. 17, 2025
- 5.5 MEDIUM CVE-2024-20870
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store....
- Affected Products: galaxy_store
- Published: May. 07, 2024
- Modified: Jul. 17, 2025
- 5.5 MEDIUM CVE-2024-20869
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies....
- Affected Products: internet
- Published: May. 07, 2024
- Modified: Jul. 17, 2025
- 6.4 MEDIUM CVE-2024-12504
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient inpu...
- Published: Jan. 23, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Scripting
- 8.8 HIGH CVE-2025-48255
Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP allows Cross Site Request Forgery. This issue affects Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: from n/a...
- Published: May. 19, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Request Forgery
- 8.1 HIGH CVE-2025-3555
A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is pos...
- Affected Products: ecommerce-website-in-php
- Published: Apr. 14, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authentication
- 8.1 HIGH CVE-2025-3556
A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authen...
- Affected Products: ecommerce-website-in-php
- Published: Apr. 14, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authentication