Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-33780

    MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-38875

    An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.3

    MEDIUM
    CVE-2024-39329

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusabl... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 4.3

    MEDIUM
    CVE-2024-39330

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, pote... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-39614

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.5

    MEDIUM
    CVE-2025-30321

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in ... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-43558

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43589

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43590

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43593

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-47104

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-47105

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-47106

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-30317

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2009-2631

    Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Ga... Read more

    • Published: Dec. 04, 2009
    • Modified: Jun. 16, 2025

  • 7.8

    HIGH
    CVE-2024-37289

    An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i... Read more

    Affected Products : apex_one
    • Published: Jun. 10, 2024
    • Modified: Jun. 16, 2025

  • 8.8

    HIGH
    CVE-2025-3638

    A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2024-36304

    A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-p... Read more

    Affected Products : apex_one
    • Published: Jun. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2025-45236

    A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.... Read more

    Affected Products : dbsyncer
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-45237

    Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.... Read more

    Affected Products : dbsyncer
    • Published: May. 05, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 293505 Results