Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-49700

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.0

    HIGH
    CVE-2025-49699

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-49698

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 8.2

    HIGH
    CVE-2023-45588

    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /...

    Affected Products : forticlient
    • Published: Mar. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal
  • 8.4

    HIGH
    CVE-2025-49697

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 5.6

    MEDIUM
    CVE-2025-51650

    An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file....

    Affected Products : foxcms foxcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-51652

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php....

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 5.4

    MEDIUM
    CVE-2025-51653

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php....

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-2359

    A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authoriza...

    Affected Products : dir-823g_firmware dir-823g
    • Published: Mar. 17, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-51654

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php....

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-2360

    A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to i...

    Affected Products : dir-823g_firmware dir-823g
    • Published: Mar. 17, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authorization
  • 8.4

    HIGH
    CVE-2025-49696

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2019-17659

    A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another i...

    Affected Products : fortisiem
    • Published: Mar. 17, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cryptography
  • 5.4

    MEDIUM
    CVE-2025-51655

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php....

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 4.7

    MEDIUM
    CVE-2024-45644

    IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment....

    Affected Products : linux_kernel security_qradar_edr
    • Published: Mar. 19, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-49675

    Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 8.4

    HIGH
    CVE-2025-49695

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption
  • 5.4

    MEDIUM
    CVE-2025-51656

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php....

    Affected Products : semcms
    • Published: Jul. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2024-10714

    A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each c...

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2024-11169

    An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially craf...

    Affected Products : librechat
    • Published: Mar. 20, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291647 Results