Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-50756

    Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products :
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-42648

    NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.... Read more

    Affected Products : nanomq
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-42646

    A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.... Read more

    Affected Products : nanomq
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-24286

    A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jun. 19, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-22460

    Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.... Read more

    • Published: May. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-22462

    An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.... Read more

    Affected Products : neurons_for_itsm
    • Published: May. 13, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-29627

    An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module... Read more

    Affected Products : keeperchat
    • Published: Jun. 09, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-25034

    A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest... Read more

    Affected Products : sugarcrm
    • Published: Jun. 20, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-42649

    NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.... Read more

    Affected Products : nanomq
    • Published: Jul. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-20929

    Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025

  • 5.5

    MEDIUM
    CVE-2025-20930

    Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-20931

    Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20932

    Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20933

    Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.... Read more

    Affected Products : notes
    • Published: Mar. 06, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-27867

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to u... Read more

    • Published: Mar. 12, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-49705

    Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49703

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49702

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-49723

    Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-10296

    A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical... Read more

    • Published: Oct. 23, 2024
    • Modified: Jul. 16, 2025
Showing 20 of 291756 Results