Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-32716

    Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-32714

    Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-32713

    Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-32712

    Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-32710

    Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-29828

    Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-53004

    DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigge... Read more

    Affected Products : dataease
    • Published: Jun. 30, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-3467

    An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator v... Read more

    Affected Products : dify dify
    • Published: Jul. 07, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5537

    The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. Thi... Read more

    Affected Products : foobox foobox
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-42760

    SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.... Read more

    Affected Products : ellevo
    • Published: Sep. 11, 2024
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2024-39924

    An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker... Read more

    Affected Products : vaultwarden
    • Published: Sep. 13, 2024
    • Modified: Jul. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-39925

    An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member... Read more

    Affected Products : vaultwarden
    • Published: Sep. 13, 2024
    • Modified: Jul. 10, 2025

  • 5.4

    MEDIUM
    CVE-2024-39926

    An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attack... Read more

    Affected Products : vaultwarden
    • Published: Sep. 13, 2024
    • Modified: Jul. 10, 2025

  • 8.8

    HIGH
    CVE-2024-42404

    SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.... Read more

    Affected Products : welcart_e-commerce
    • Published: Sep. 18, 2024
    • Modified: Jul. 10, 2025

  • 6.1

    MEDIUM
    CVE-2024-45366

    Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.... Read more

    Affected Products : welcart_e-commerce
    • Published: Sep. 18, 2024
    • Modified: Jul. 10, 2025

  • 7.5

    HIGH
    CVE-2023-49203

    Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.... Read more

    Affected Products : dnsserver
    • Published: Sep. 18, 2024
    • Modified: Jul. 10, 2025

  • 5.5

    MEDIUM
    CVE-2025-21008

    Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.... Read more

    Affected Products : android
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2024-36350

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.6

    MEDIUM
    CVE-2024-36357

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-36348

    A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291878 Results