Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.7

    MEDIUM
    CVE-2025-49743

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally....

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Race Condition
  • 4.3

    MEDIUM
    CVE-2025-49736

    The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network....

    Affected Products : edge
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-49712

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication
  • 7.9

    HIGH
    CVE-2025-49707

    Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally....

    • Published: Aug. 12, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-49559

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature b...

    Affected Products : commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Path Traversal
  • 5.9

    MEDIUM
    CVE-2025-49558

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could explo...

    Affected Products : commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Race Condition
  • 8.7

    HIGH
    CVE-2025-49557

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into v...

    Affected Products : magento commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-49556

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to...

    Affected Products : commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization
  • 8.1

    HIGH
    CVE-2025-49555

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a vic...

    Affected Products : commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.5

    HIGH
    CVE-2025-49554

    Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability...

    Affected Products : commerce magento commerce_b2b
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-48807

    Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally....

    • Published: Aug. 12, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-47954

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network....

    Affected Products : sql_server_2022
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-33051

    Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network....

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Information Disclosure
  • 5.3

    MEDIUM
    CVE-2025-25007

    Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network....

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-25006

    Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network....

    • Published: Aug. 12, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2025-25005

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-24999

    Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization
  • 5.6

    MEDIUM
    CVE-2025-20044

    Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access....

    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-55167

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_...

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection
  • 5.1

    MEDIUM
    CVE-2025-55166

    svg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scr...

    Affected Products : svg-sanitizer
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting