Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-55245

    Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : xbox_gaming_services
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.8

    HIGH
    CVE-2025-55236

    Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 9.8

    CRITICAL
    CVE-2025-55234

    SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already ... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 8.1

    HIGH
    CVE-2025-9146

    A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launch... Read more

    Affected Products : e5600_firmware e5600
    • Published: Aug. 19, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2025-54241

    After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : macos windows after_effects
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-54240

    After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : macos windows after_effects
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-54239

    After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : macos windows after_effects
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-9147

    A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploi... Read more

    Affected Products : getsemantic
    • Published: Aug. 19, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-54251

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited un... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: XML External Entity

  • 4.9

    MEDIUM
    CVE-2025-54250

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and ... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-54248

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and g... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-54249

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-54247

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and g... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-54246

    Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gai... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-9556

    Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within lang... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-7635

    Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.... Read more

    Affected Products : gigacenter_ont
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-59139

    Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present.... Read more

    Affected Products : hono
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2025-59058

    httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the ... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-58754

    Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.11.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memor... Read more

    Affected Products : axios
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-55319

    Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : visual_studio_code
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
Showing 20 of 293604 Results