Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.5

    MEDIUM
    CVE-2025-23252

    The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.... Read more

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-49149

    Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-... Read more

    Affected Products : dify
    • Published: Jun. 17, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-49825

    Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patc... Read more

    Affected Products : teleport
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-49593

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrat... Read more

    Affected Products : portainer
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Information Disclosure

  • 2.7

    LOW
    CVE-2025-49843

    conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions e... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 1.7

    LOW
    CVE-2025-49824

    conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identi... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Cryptography

  • 7.8

    HIGH
    CVE-2025-49385

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    Affected Products : windows maximum_security_2022
    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-49384

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.... Read more

    Affected Products : windows maximum_security_2022
    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-49218

    A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-49217

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different m... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49216

    An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-49215

    A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49214

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privile... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-49213

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different m... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49212

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different m... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-49211

    A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-48443

    Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administr... Read more

    Affected Products : password_manager
    • Published: Jun. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-41413

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-41388

    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-32412

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291395 Results