Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.8

    MEDIUM
    CVE-2025-26637

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

    • Published: Apr. 08, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2025-24074

    Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

    • Published: Apr. 08, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-26635

    Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

    • Published: Apr. 08, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2024-42902

    An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function...

    Affected Products : limesurvey
    • Published: Sep. 03, 2024
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2024-41435

    YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.

    Affected Products : yugabytedb
    • Published: Sep. 03, 2024
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2024-41436

    ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl.

    Affected Products : clickhouse
    • Published: Sep. 03, 2024
    • Modified: Jul. 03, 2025
  • 7.8

    HIGH
    CVE-2025-26639

    Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

    • Published: Apr. 08, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2024-42885

    SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.

    Affected Products : cdg
    • Published: Sep. 05, 2024
    • Modified: Jul. 03, 2025
  • 6.3

    MEDIUM
    CVE-2024-42759

    An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.

    Affected Products : ellevo
    • Published: Sep. 09, 2024
    • Modified: Jul. 03, 2025
  • 6.1

    MEDIUM
    CVE-2024-44085

    ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 ...

    Affected Products : onlyoffice
    • Published: Sep. 09, 2024
    • Modified: Jul. 03, 2025
  • 8.8

    HIGH
    CVE-2023-37229

    Loftware Spectrum before 5.1 allows SSRF.

    Affected Products : spectrum
    • Published: Sep. 10, 2024
    • Modified: Jul. 03, 2025
  • 9.8

    CRITICAL
    CVE-2025-39499

    Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.

    Affected Products :
    • Published: May. 23, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-34198

    TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTT...

    Affected Products : a3002ru_firmware a3002ru
    • Published: Aug. 28, 2024
    • Modified: Jul. 03, 2025
  • 7.4

    HIGH
    CVE-2025-21399

    Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability...

    • Published: Jan. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-47561

    Incorrect Privilege Assignment vulnerability in PT Norther Lights Production MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: Jun. 09, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-47560

    Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: May. 16, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-47558

    Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a before 8.6.13.

    Affected Products : mapsvg
    • Published: May. 23, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 0.0

    NA
    CVE-2025-38089

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet...

    Affected Products : linux_kernel
    • Published: Jun. 30, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2022-40916

    Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

    Affected Products : tiny_file_manager
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 4.8

    MEDIUM
    CVE-2024-57599

    Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php...

    Affected Products : douphp
    • Published: Feb. 06, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting