Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-24057

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-24050

    Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 5.4

    MEDIUM
    CVE-2025-44091

    yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.

    Affected Products : crud
    • Published: Jun. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-24051

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-48474

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conv...

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-24056

    Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-48475

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user ...

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-24059

    Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-4433

    Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups wi...

    Affected Products : devolutions_server
    • Published: May. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-40908

    YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified.

    Affected Products : yaml-libyaml
    • Published: Jun. 01, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration
  • 8.6

    HIGH
    CVE-2024-25047

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.

    Affected Products : oncommand_insight cognos_analytics
    • Published: May. 02, 2024
    • Modified: Jul. 02, 2025
  • 9.8

    CRITICAL
    CVE-2025-20672

    In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257...

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-20673

    In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-33...

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service
  • 5.5

    MEDIUM
    CVE-2025-20675

    In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-33...

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service
  • 7.2

    HIGH
    CVE-2025-48940

    MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit th...

    Affected Products : mybb
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal
  • 5.2

    MEDIUM
    CVE-2025-46707

    Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.

    Affected Products : ddk
    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-44559

    An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.

    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service
  • 8.1

    HIGH
    CVE-2025-44557

    A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.

    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication
  • 6.0

    MEDIUM
    CVE-2025-26486

    Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to...

    • Published: Mar. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cryptography
  • 5.8

    MEDIUM
    CVE-2025-26485

    A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). The difference in the returned error messages could be used by att...

    • Published: Mar. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication
Showing 20 of 293659 Results