Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2025-26688

Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.5

HIGH

CVE-2025-26687

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +11 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-21204

Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Authorization
7.0

HIGH

CVE-2025-26665

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Information Disclosure
7.8

HIGH

CVE-2025-26666

Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +2 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
6.5

MEDIUM

CVE-2025-26667

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows windows_server_2022_23h2 windows_server_23h2 windows_server_2012_r2 windows_server_2008_r2 +2 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Information Disclosure
7.5

HIGH

CVE-2025-26673

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Denial of Service
7.8

HIGH

CVE-2025-26679

Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.5

HIGH

CVE-2025-26680

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows windows_server_2012_r2 windows_server_2025
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Denial of Service
6.7

MEDIUM

CVE-2025-26681

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally....

Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.5

HIGH

CVE-2025-26682

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network....

Affected Products : asp.net_core visual_studio visual_studio_2022
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Denial of Service
7.5

HIGH

CVE-2025-26686

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Published: Apr. 08, 2025

Modified: Jul. 09, 2025

Vuln Type: Memory Corruption
7.2

HIGH

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter This m...

Affected Products : product_import_export_for_woocommerce
Published: Mar. 26, 2025

Modified: Jul. 09, 2025

Vuln Type: Authentication
9.8

CRITICAL

CVE-2025-3040

A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted...

Affected Products : online_time_table_generator
Published: Mar. 31, 2025

Modified: Jul. 09, 2025

Vuln Type: Authentication
9.8

CRITICAL

CVE-2025-3041

A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible t...

Affected Products : online_time_table_generator
Published: Apr. 01, 2025

Modified: Jul. 09, 2025

Vuln Type: Authentication
9.8

CRITICAL

CVE-2025-3042

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The atta...

Affected Products : online_time_table_generator
Published: Apr. 01, 2025

Modified: Jul. 09, 2025

Vuln Type: Misconfiguration
5.4

MEDIUM

CVE-2025-7148

A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to c...

Affected Products : simple_hospital_management_system
Published: Jul. 07, 2025

Modified: Jul. 09, 2025

Vuln Type: Cross-Site Scripting
9.8

CRITICAL

CVE-2025-7147

A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. ...

Affected Products : patient_record_management_system
Published: Jul. 07, 2025

Modified: Jul. 09, 2025

Vuln Type: Injection
4.8

MEDIUM

CVE-2025-7144

A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component Admin Profile Page. The manipulation of the argu...

Affected Products : best_salon_management_system
Published: Jul. 07, 2025

Modified: Jul. 09, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-7143

A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name le...

Affected Products : best_salon_management_system
Published: Jul. 07, 2025

Modified: Jul. 09, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 291878 Results

1
...
582
583
584
585
586
587
588
...
14594

Latest CVE Feed

7.8

7.5

7.8

7.0

7.8

6.5

7.5

7.8

7.5

6.7

7.5

7.5

7.2

9.8

9.8

9.8

5.4

9.8

4.8

5.4

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable