Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-53076

    Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This issue affects rLottie: V0.2....

    Affected Products : rlottie
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 9.1

    CRITICAL
    CVE-2025-53074

    Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers. This issue affects rLottie: V0.2....

    Affected Products : rlottie
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-21180

    Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-24067

    Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-24061

    Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2018-9372

    In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is n...

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Jul. 03, 2025
  • 7.8

    HIGH
    CVE-2018-9409

    In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...

    Affected Products : android
    • Published: Nov. 19, 2024
    • Modified: Jul. 03, 2025
  • 7.8

    HIGH
    CVE-2018-9375

    In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User in...

    Affected Products : android
    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 7.3

    HIGH
    CVE-2025-26631

    Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally....

    Affected Products : visual_studio_code
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
  • 7.2

    HIGH
    CVE-2025-24053

    Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network....

    Affected Products : dataverse
    • Published: Mar. 13, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-29807

    Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network....

    Affected Products : dataverse
    • Published: Mar. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 9.3

    CRITICAL
    CVE-2025-29814

    Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network....

    Affected Products : partner_center
    • Published: Mar. 21, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-26683

    Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network....

    Affected Products : azure_playwright
    • Published: Mar. 31, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 6.8

    MEDIUM
    CVE-2025-27591

    A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks ...

    Affected Products : below
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 8.1

    HIGH
    CVE-2025-24045

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network....

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2024-25659

    In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory....

    • Published: Oct. 01, 2024
    • Modified: Jul. 03, 2025
  • 9.0

    CRITICAL
    CVE-2024-25660

    The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges....

    • Published: Oct. 01, 2024
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-33210

    A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users....

    Affected Products : flatpress
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
  • 4.8

    MEDIUM
    CVE-2024-45960

    Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack....

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
  • 4.8

    MEDIUM
    CVE-2024-45964

    Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field....

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
Showing 20 of 293651 Results