Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-24380

    Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

    Affected Products : unity_operating_environment
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-24381

    Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user bein...

    Affected Products : unity_operating_environment
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-24385

    Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

    Affected Products : unity_operating_environment
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-24386

    Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

    Affected Products : unity_operating_environment
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-27729

    Use after free in Windows Shell allows an unauthorized attacker to execute code locally....

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27728

    Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally....

    Affected Products : windows_11_24h2 windows_server_2025
    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-27727

    Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally....

    • Published: Apr. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
  • 8.0

    HIGH
    CVE-2023-50229

    BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 5.3

    MEDIUM
    CVE-2024-10047

    parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint....

    Affected Products : lollms_web_ui
    • Published: Mar. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 8.0

    HIGH
    CVE-2023-50230

    BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 5.7

    MEDIUM
    CVE-2023-51589

    BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interactio...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 5.7

    MEDIUM
    CVE-2023-51592

    BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 5.7

    MEDIUM
    CVE-2023-51594

    BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerabili...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 7.1

    HIGH
    CVE-2023-51596

    BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this...

    Affected Products : bluez
    • Published: May. 03, 2024
    • Modified: Jul. 08, 2025
  • 9.8

    CRITICAL
    CVE-2025-47966

    Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network....

    Affected Products : power_automate_for_desktop
    • Published: Jun. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
  • 5.7

    MEDIUM
    CVE-2025-29817

    Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network....

    Affected Products : power_automate_for_desktop
    • Published: Apr. 15, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-49713

    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network....

    Affected Products : edge_chromium
    • Published: Jul. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2024-49563

    Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

    Affected Products : unity_operating_environment
    • Published: Mar. 28, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-29825

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network....

    Affected Products : edge_chromium
    • Published: May. 02, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2024-12766

    parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Attackers can exploit this vulnerability to abuse the victim server's credentials to access unauthorized web res...

    Affected Products : lollms_web_ui
    • Published: Mar. 20, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Server-Side Request Forgery