Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2024-25047

    IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956.... Read more

    Affected Products : oncommand_insight cognos_analytics
    • Published: May. 02, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2025-20672

    In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-20673

    In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-33... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-20675

    In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-33... Read more

    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-48940

    MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit th... Read more

    Affected Products : mybb
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Path Traversal

  • 5.2

    MEDIUM
    CVE-2025-46707

    Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.... Read more

    Affected Products : ddk
    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-44559

    An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-44557

    A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 6.0

    MEDIUM
    CVE-2025-26486

    Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cryptography

  • 5.8

    MEDIUM
    CVE-2025-26485

    A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). The difference in the returned error messages could be used by att... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2023-40735

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-0... Read more

    Affected Products : butterfly_button
    • Published: Aug. 21, 2023
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-32002

    The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x... Read more

    Affected Products : node.js
    • Published: Aug. 21, 2023
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-37050

    In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerabili... Read more

    Affected Products : debian_linux poppler
    • Published: Aug. 22, 2023
    • Modified: Jul. 02, 2025

  • 5.3

    MEDIUM
    CVE-2025-48941

    MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specifi... Read more

    Affected Products : mybb
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-24064

    Use after free in DNS Server allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025

  • 7.8

    HIGH
    CVE-2024-36486

    A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and write... Read more

    Affected Products : parallels_desktop
    • Published: Jun. 03, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-24066

    Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025

  • 7.8

    HIGH
    CVE-2025-24081

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24075

    Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-24083

    Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293669 Results