Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.4

    HIGH
    CVE-2025-24049

    Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-5687

    A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS)....

    Affected Products : vpn
    • Published: Jun. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-5986

    A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage d...

    Affected Products : thunderbird
    • Published: Jun. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-0823

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary fi...

    Affected Products : cognos_analytics
    • Published: Feb. 28, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2024-56340

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter....

    Affected Products : cognos_analytics
    • Published: Feb. 28, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal
  • 7.1

    HIGH
    CVE-2024-49352

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s...

    Affected Products : cognos_analytics
    • Published: Feb. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: XML External Entity
  • 9.0

    CRITICAL
    CVE-2024-51466

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources,...

    Affected Products : cognos_analytics
    • Published: Dec. 20, 2024
    • Modified: Jul. 02, 2025
  • 5.4

    MEDIUM
    CVE-2025-29744

    pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers....

    Affected Products : pg-promise
    • Published: Jun. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2025-24055

    Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure
  • 8.0

    HIGH
    CVE-2024-40695

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload maliciou...

    Affected Products : cognos_analytics
    • Published: Dec. 20, 2024
    • Modified: Jul. 02, 2025
  • 7.8

    HIGH
    CVE-2025-24057

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-24050

    Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 5.4

    MEDIUM
    CVE-2025-44091

    yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function....

    Affected Products : crud
    • Published: Jun. 12, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-24051

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-48474

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conv...

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-24056

    Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 8.1

    HIGH
    CVE-2025-48475

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user ...

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-24059

    Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-4433

    Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups wi...

    Affected Products : devolutions_server
    • Published: May. 30, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2025-40908

    YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...

    Affected Products : yaml-libyaml
    • Published: Jun. 01, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration