Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-43580

    Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt... Read more

    Affected Products : macos windows audition
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-33054

    Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-26636

    Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.... Read more

    Affected Products : windows_11_24h2 windows_server_2025
    • Published: Jul. 08, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2025-21195

    Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : azure_service_fabric service_fabric
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-21168

    Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this ... Read more

    Affected Products : substance_3d_designer
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-21167

    Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this ... Read more

    Affected Products : substance_3d_designer
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-21166

    Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_designer
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21165

    Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_designer
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21164

    Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim m... Read more

    Affected Products : substance_3d_designer
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2024-36357

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.6

    MEDIUM
    CVE-2024-36350

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-36349

    A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2024-36348

    A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-7185

    A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remo... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-7184

    A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate... Read more

    Affected Products : library_system
    • Published: Jul. 08, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-6771

    OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Jul. 08, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-5464

    Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.... Read more

    Affected Products : connect_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 5.8

    MEDIUM
    CVE-2025-43019

    A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.... Read more

    Affected Products : support_assistant
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-3648

    A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated u... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization

  • 6.6

    MEDIUM
    CVE-2025-0293

    CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Jul. 08, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection
Showing 20 of 291385 Results