Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.8

HIGH

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

Affected Products : sharepoint_server sharepoint_server_2016 sharepoint_server_2019
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Authorization
9.8

CRITICAL

CVE-2025-7612

A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remote...

Affected Products : mobile_shop
Published: Jul. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Injection
7.8

HIGH

CVE-2025-49700

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

Affected Products : office word 365_apps office_long_term_servicing_channel word_2016 office_2024 office_2021 office_2019
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Memory Corruption
7.0

HIGH

CVE-2025-49699

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office word 365_apps outlook powerpoint office_long_term_servicing_channel outlook_2016 office_macos_2024 office_macos_2021 word_2016 +4 more products
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-49698

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

Affected Products : office word 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 word_2016 office_2024 office_2021 office_2019
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Memory Corruption
8.2

HIGH

CVE-2023-45588

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /...

Affected Products : forticlient
Published: Mar. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Path Traversal
8.4

HIGH

CVE-2025-49697

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Memory Corruption
5.6

MEDIUM

CVE-2025-51650

An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file....

Affected Products : foxcms foxcms
Published: Jul. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Authentication
5.4

MEDIUM

CVE-2025-51652

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php....

Affected Products : semcms
Published: Jul. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Injection
5.4

MEDIUM

CVE-2025-51653

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php....

Affected Products : semcms
Published: Jul. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Injection
9.8

CRITICAL

CVE-2025-2359

A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authoriza...

Affected Products : dir-823g_firmware dir-823g
Published: Mar. 17, 2025

Modified: Jul. 15, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-51654

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php....

Affected Products : semcms
Published: Jul. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Injection
9.8

CRITICAL

CVE-2025-2360

A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to i...

Affected Products : dir-823g_firmware dir-823g
Published: Mar. 17, 2025

Modified: Jul. 15, 2025

Vuln Type: Authorization
8.4

HIGH

CVE-2025-49696

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Memory Corruption
8.1

HIGH

CVE-2019-17659

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another i...

Affected Products : fortisiem
Published: Mar. 17, 2025

Modified: Jul. 15, 2025

Vuln Type: Cryptography
5.4

MEDIUM

CVE-2025-51655

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php....

Affected Products : semcms
Published: Jul. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Injection
4.7

MEDIUM

CVE-2024-45644

IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment....

Affected Products : linux_kernel security_qradar_edr
Published: Mar. 19, 2025

Modified: Jul. 15, 2025

Vuln Type: Misconfiguration
7.8

HIGH

CVE-2025-49675

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Memory Corruption
8.4

HIGH

CVE-2025-49695

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Jul. 08, 2025

Modified: Jul. 15, 2025

Vuln Type: Memory Corruption
5.4

MEDIUM

CVE-2025-51656

SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php....

Affected Products : semcms
Published: Jul. 14, 2025

Modified: Jul. 15, 2025

Vuln Type: Injection

Showing 20 of 293509 Results

1
...
617
618
619
620
621
622
623
...
14676

Browse by Apps

Latest CVE Feed

8.8

9.8

7.8

7.0

7.8

8.2

8.4

5.6

5.4

5.4

9.8

5.4

9.8

8.4

8.1

5.4

4.7

7.8

8.4

5.4

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable