Latest CVE Feed

7.8 HIGH CVE-2025-49665
Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally.
Affected Products: windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +6 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Race Condition

5.5 MEDIUM CVE-2025-49664
Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure

6.9 MEDIUM CVE-2024-6364
A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate...
Affected Products: persistence
- Published: May. 13, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Misconfiguration

9.8 CRITICAL CVE-2024-4963
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted uplo...
- Published: May. 16, 2024
- Modified: Jul. 15, 2025

7.5 HIGH CVE-2024-56526
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
Affected Products: eshop
- Published: May. 13, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure

9.8 CRITICAL CVE-2024-4964
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.php. The manipulation of the argument file leads to unrest...
- Published: May. 16, 2024
- Modified: Jul. 15, 2025

6.5 MEDIUM CVE-2024-7747
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible ...
Affected Products: terawallet
- Published: Nov. 28, 2024
- Modified: Jul. 15, 2025

3.3 LOW CVE-2025-23378
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclos...
- Published: Apr. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure

7.0 HIGH CVE-2025-26330
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a dis...
- Published: Apr. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization

6.5 MEDIUM CVE-2025-22471
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
- Published: Apr. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service

3.1 LOW CVE-2025-26479
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.
- Published: Apr. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption

0.0 NA CVE-2022-49964
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will re...
Affected Products: linux_kernel
- Published: Jun. 18, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Misconfiguration

6.5 MEDIUM CVE-2025-29985
Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulne...
Affected Products: common_event_enabler
- Published: Apr. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Misconfiguration

8.3 HIGH CVE-2025-29986
Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially expl...
Affected Products: common_event_enabler
- Published: Apr. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authorization

9.8 CRITICAL CVE-2024-4965
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os comm...
- Published: May. 16, 2024
- Modified: Jul. 15, 2025

5.5 MEDIUM CVE-2025-48812
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Affected Products: office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure

6.5 MEDIUM CVE-2024-11173
An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught excepti...
Affected Products: librechat
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service

7.5 HIGH CVE-2024-1968
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the ...
Affected Products: scrapy
- Published: May. 20, 2024
- Modified: Jul. 15, 2025

6.8 MEDIUM CVE-2024-11850
A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. The vulnerability is due to improper validation and sanitization of user input in SVG markdown support within the chatbot feature. An attacker can exploit t...
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Cross-Site Scripting

8.1 HIGH CVE-2024-12039
langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours b...
- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication