Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-50650

    python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.... Read more

    Affected Products : python_book
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2024-51141

    An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.... Read more

    Affected Products : a6000ub_firmware a6000ub
    • Published: Nov. 15, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2024-50848

    An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.... Read more

    Affected Products : worldserver
    • Published: Nov. 18, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2025-3902

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1.... Read more

    Affected Products : block_class
    • Published: Apr. 23, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-33781

    MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-33782

    MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 6.5

    MEDIUM
    CVE-2024-33783

    MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 6.5

    MEDIUM
    CVE-2024-33780

    MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products : multi-protocol_spdz
    • Published: May. 07, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-38875

    An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.3

    MEDIUM
    CVE-2024-39329

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusabl... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 4.3

    MEDIUM
    CVE-2024-39330

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, pote... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2024-39614

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.5

    MEDIUM
    CVE-2025-30321

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in ... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-43558

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43589

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43590

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43593

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-47104

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-47105

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-47106

    InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293510 Results