Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-24079

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2025-24070

    Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-24048

    Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-46548

    If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommend... Read more

    Affected Products : pekko_management akka_management
    • Published: Jun. 03, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-5063

    Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: May. 27, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-31368

    Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. ... Read more

    Affected Products : soledad
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025

  • 5.4

    MEDIUM
    CVE-2024-31369

    Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. ... Read more

    Affected Products : soledad
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025

  • 7.1

    HIGH
    CVE-2024-31367

    Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. ... Read more

    Affected Products : soledad
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025

  • 5.5

    MEDIUM
    CVE-2025-48888

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the... Read more

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-48934

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--d... Read more

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-48935

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patc... Read more

    Affected Products : deno
    • Published: Jun. 04, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-0691

    Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.... Read more

    Affected Products : devolutions_server
    • Published: Jun. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-3768

    Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.... Read more

    Affected Products : devolutions_server
    • Published: Jun. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-2975

    A race condition was identified through which privilege escalation was possible in certain configurations.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Apr. 09, 2024
    • Modified: Jul. 02, 2025

  • 6.5

    MEDIUM
    CVE-2025-4679

    A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : active_backup_for_microsoft_365
    • Published: May. 16, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2024-49194

    Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could pote... Read more

    Affected Products :
    • Published: Dec. 17, 2024
    • Modified: Jul. 02, 2025

  • 4.3

    MEDIUM
    CVE-2025-52711

    Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a thro... Read more

    • Published: Jun. 20, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.4

    HIGH
    CVE-2024-8676

    A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod reques... Read more

    Affected Products : openshift_container_platform
    • Published: Nov. 26, 2024
    • Modified: Jul. 02, 2025

  • 4.6

    MEDIUM
    CVE-2024-41927

    Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, ... Read more

    • Published: Sep. 04, 2024
    • Modified: Jul. 02, 2025

  • 9.8

    CRITICAL
    CVE-2025-37092

    A command injection remote code execution vulnerability exists in HPE StoreOnce Software.... Read more

    Affected Products : storeonce_system
    • Published: Jun. 02, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
Showing 20 of 293962 Results