Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-3648

    A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated u... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-27490

    Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-27486

    Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-27485

    Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-32726

    Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : visual_studio_code
    • Published: Apr. 12, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-29823

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    Affected Products : 365_apps
    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-29822

    Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-29820

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-3611

    Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have... Read more

    Affected Products : mattermost_server
    • Published: May. 30, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2025-27732

    Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-27130

    Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the prod... Read more

    Affected Products : welcart_e-commerce
    • Published: Apr. 01, 2025
    • Modified: Jul. 08, 2025

  • 7.8

    HIGH
    CVE-2025-27731

    Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 9.0

    CRITICAL
    CVE-2025-47289

    CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field.... Read more

    Affected Products : ce_phoenix_cart
    • Published: Jun. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-4546

    A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be lau... Read more

    Affected Products : maxkb
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection

  • 4.2

    MEDIUM
    CVE-2025-4542

    A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation ... Read more

    Affected Products : hotel
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-4540

    A vulnerability was found in MTSoftware C-Lodop 6.6.1.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The attack needs to be appro... Read more

    Affected Products : windows c-lodop
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-4539

    A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible t... Read more

    Affected Products : todesk
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-4537

    A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulati... Read more

    Affected Products : ruoyi-vue
    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-4536

    A vulnerability has been found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmgr/user/listByPage. The manipulation leads t... Read more

    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-4535

    A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler.... Read more

    • Published: May. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293559 Results