Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-24044

    Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-24043

    Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.... Read more

    Affected Products : windbg
    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography

  • 8.1

    HIGH
    CVE-2025-24035

    Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-22213

    Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions.... Read more

    Affected Products : joomla\!
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-21247

    Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2025-21199

    Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-21180

    Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21169

    Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : substance_3d_designer
    • Published: Mar. 11, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-0149

    Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-9157

    ** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID ... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-56338

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Mar. 11, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-27617

    Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.... Read more

    Affected Products : pimcore
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-27602

    Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or... Read more

    Affected Products : umbraco_cms
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-27601

    Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and upda... Read more

    Affected Products : umbraco_cms
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-25747

    Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint... Read more

    Affected Products : hoteldruid
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-25680

    LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially cra... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-27403

    Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be c... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-22454

    Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : secure_access_client
    • Published: Mar. 11, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-55597

    A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2024-55592

    An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all ver... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
Showing 20 of 293344 Results