Latest CVE Feed
-
7.8
HIGH
CVE-2025-6632
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context...
Affected Products: 3ds_max
- Published: Aug. 06, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUM
CVE-2025-51058
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL ...
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUM
CVE-2025-51057
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Path Traversal
-
8.2
HIGH
CVE-2025-51056
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately...
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGH
CVE-2025-51055
Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUM
CVE-2025-51054
Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Authentication
-
6.1
MEDIUM
CVE-2025-51053
A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary JavaScript or HTML code and potentially trigger code execution in the victim's browser....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM
CVE-2025-51052
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Path Traversal
-
6.1
MEDIUM
CVE-2025-50740
AutoConnect 1.4.2, an Arduino library, is vulnerable to cross-site scripting (XSS). The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGH
CVE-2025-47908
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue...
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUM
CVE-2025-46660
An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Cryptography
-
5.3
MEDIUM
CVE-2024-55402
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Authorization
-
6.5
MEDIUM
CVE-2024-55399
4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF)....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUM
CVE-2024-55398
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 07, 2025
- Vuln Type: Misconfiguration
-
7.6
HIGH
CVE-2025-51624
Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGH
CVE-2025-46659
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request....
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Information Disclosure
-
7.0
HIGH
CVE-2025-45766
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14...
Affected Products: poco
- Published: Aug. 06, 2025
- Modified: Aug. 17, 2025
- Vuln Type: Cryptography
-
7.0
HIGH
CVE-2025-45764
jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the defau...
Affected Products:
- Published: Aug. 06, 2025
- Modified: Aug. 26, 2025
- Vuln Type: Cryptography
-
7.8
HIGH
CVE-2025-38747
Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges....
Affected Products: supportassist_os_recovery
- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Misconfiguration
-
3.5
LOW
CVE-2025-38746
Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Inf...
Affected Products: supportassist_os_recovery
- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure