Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-20696

    In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android openwrt yocto rdk-b zephyr mt6781 mt6789 mt6813 mt6833 mt6835 +27 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025

  • 6.7

    MEDIUM
    CVE-2025-20697

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID... Read more

    Affected Products : android mt6853 mt6855 mt6877 mt6878 mt6879 mt6883 mt6885 mt6889 mt6893 +19 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025

  • 6.7

    MEDIUM
    CVE-2025-20698

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID... Read more

    Affected Products : android mt6781 mt6789 mt6833 mt6835 mt6853 mt6855 mt6877 mt6878 mt6879 +30 more products
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2025-53738

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025

  • 7.2

    HIGH
    CVE-2025-38739

    Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.... Read more

    Affected Products : digital_delivery
    • Published: Aug. 04, 2025
    • Modified: Aug. 18, 2025

  • 8.4

    HIGH
    CVE-2025-54652

    Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025

  • 8.4

    HIGH
    CVE-2025-54653

    Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module.... Read more

    Affected Products : harmonyos
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-50234

    MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc... Read more

    Affected Products : mccms
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025

  • 3.5

    LOW
    CVE-2025-38746

    Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Inf... Read more

    Affected Products : supportassist_os_recovery
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2025-38747

    Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.... Read more

    Affected Products : supportassist_os_recovery
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-55167

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_... Read more

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-8967

    A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launc... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-8966

    A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be init... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2023-42126

    G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the abili... Read more

    Affected Products : total_security
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.0

    HIGH
    CVE-2023-42128

    Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this ... Read more

    Affected Products : axiom
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 6.5

    MEDIUM
    CVE-2023-42129

    A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2023-42130

    A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to ex... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2023-42131

    Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vul... Read more

    Affected Products : spaceclaim
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 7.8

    HIGH
    CVE-2023-44428

    MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : musescore
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2023-44438

    Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this v... Read more

    Affected Products : argon
    • Published: May. 03, 2024
    • Modified: Aug. 18, 2025
Showing 20 of 290977 Results