Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-48000

    Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-48002

    Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.... Read more

    Affected Products : windows_11_24h2 windows_server_2025
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-48003

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-48001

    Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-21006

    Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-48976

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to u... Read more

    Affected Products : commons_fileupload
    • Published: Jun. 16, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-2952

    BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the ... Read more

    Affected Products : litellm
    • Published: Apr. 10, 2024
    • Modified: Jul. 15, 2025

  • 5.5

    MEDIUM
    CVE-2025-21007

    Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-53015

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.... Read more

    Affected Products : imagemagick
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025

  • 5.5

    MEDIUM
    CVE-2025-43580

    Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt... Read more

    Affected Products : macos windows audition
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-47994

    Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-23121

    A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Jun. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-24683

    Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServle... Read more

    Affected Products : hop_engine
    • Published: Mar. 19, 2024
    • Modified: Jul. 15, 2025

  • 7.8

    HIGH
    CVE-2025-47996

    Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-47998

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-5979

    In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. One such class, `MojoConvertTool`, crashes the server when invoked with an invalid argu... Read more

    Affected Products : h2o h2o
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 7.5

    HIGH
    CVE-2024-6090

    A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to ... Read more

    Affected Products : chuanhuchatgpt
    • Published: Jun. 27, 2024
    • Modified: Jul. 15, 2025

  • 8.1

    HIGH
    CVE-2024-5712

    A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This vulnerability allows attackers to perform unauthorized actions in the context of a victim's browser, such as deleting ... Read more

    Affected Products : devika
    • Published: Jun. 28, 2024
    • Modified: Jul. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-36697

    A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-53364

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a s... Read more

    Affected Products : parse-server
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization
Showing 20 of 291520 Results