Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-26683

    Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

    Affected Products : azure_playwright
    • Published: Mar. 31, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 6.8

    MEDIUM
    CVE-2025-27591

    A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks ...

    Affected Products : below
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 8.1

    HIGH
    CVE-2025-24045

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2024-25659

    In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory.

    • Published: Oct. 01, 2024
    • Modified: Jul. 03, 2025
  • 9.0

    CRITICAL
    CVE-2024-25660

    The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges.

    • Published: Oct. 01, 2024
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-33210

    A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users.

    Affected Products : flatpress
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
  • 4.8

    MEDIUM
    CVE-2024-45960

    Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack.

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
  • 4.8

    MEDIUM
    CVE-2024-45964

    Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field.

    Affected Products : zenario
    • Published: Oct. 02, 2024
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2025-24043

    Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.

    Affected Products : windbg
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography
  • 8.8

    HIGH
    CVE-2023-4358

    Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Aug. 15, 2023
    • Modified: Jul. 03, 2025
  • 5.5

    MEDIUM
    CVE-2023-4104

    An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerabi...

    Affected Products : vpn
    • Published: Sep. 11, 2023
    • Modified: Jul. 03, 2025
  • 8.8

    HIGH
    CVE-2023-40072

    OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

    • Published: Aug. 18, 2023
    • Modified: Jul. 03, 2025
  • 5.3

    MEDIUM
    CVE-2023-32003

    `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. T...

    Affected Products : fedora node.js
    • Published: Aug. 15, 2023
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-46409

    A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.

    Affected Products : seeddms
    • Published: Oct. 04, 2024
    • Modified: Jul. 03, 2025
  • 8.1

    HIGH
    CVE-2025-24035

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2024-45919

    A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to una...

    Affected Products : solvait
    • Published: Oct. 07, 2024
    • Modified: Jul. 03, 2025
  • 4.3

    MEDIUM
    CVE-2025-21247

    Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-24071

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-21222

    Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

    • Published: Apr. 08, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2024-46535

    Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.

    Affected Products : jepaas
    • Published: Oct. 14, 2024
    • Modified: Jul. 03, 2025
Showing 20 of 293679 Results