Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 6.8

    MEDIUM
    CVE-2025-5382

    Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA....

    Affected Products : devolutions_server
    • Published: Jun. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 7.0

    HIGH
    CVE-2025-24078

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 7.8

    HIGH
    CVE-2025-24077

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
  • 9.8

    CRITICAL
    CVE-2025-5493

    A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. The manipulation of the argument data leads to sql injec...

    Affected Products : channel_middleware_product
    • Published: Jun. 03, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-24079

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 7.0

    HIGH
    CVE-2025-24070

    Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2025-24048

    Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally....

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2025-46548

    If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommend...

    Affected Products : pekko_management akka_management
    • Published: Jun. 03, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-5063

    Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : chrome edge_chromium
    • Published: May. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption
  • 6.5

    MEDIUM
    CVE-2024-31368

    Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. ...

    Affected Products : soledad
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025
  • 5.4

    MEDIUM
    CVE-2024-31369

    Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. ...

    Affected Products : soledad
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025
  • 7.1

    HIGH
    CVE-2024-31367

    Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. ...

    Affected Products : soledad
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025
  • 5.5

    MEDIUM
    CVE-2025-48888

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the...

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2025-48934

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--d...

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure
  • 9.1

    CRITICAL
    CVE-2025-48935

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patc...

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-0691

    Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation....

    Affected Products : devolutions_server
    • Published: Jun. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 5.0

    MEDIUM
    CVE-2025-3768

    Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable....

    Affected Products : devolutions_server
    • Published: Jun. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2024-2975

    A race condition was identified through which privilege escalation was possible in certain configurations....

    Affected Products : linux_kernel windows octopus_server
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025
  • 6.5

    MEDIUM
    CVE-2025-4679

    A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors....

    Affected Products : active_backup_for_microsoft_365
    • Published: May. 16, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure
  • 7.3

    HIGH
    CVE-2024-49194

    Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could pote...

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Jul. 02, 2025