Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-49216

    An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-49215

    A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49214

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privile... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-49213

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different m... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-49212

    An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different m... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-49211

    A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : endpoint_encryption_policy_server
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-48443

    Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administr... Read more

    Affected Products : password_manager
    • Published: Jun. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-41413

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-41388

    Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-32412

    Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-30642

    A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg... Read more

    Affected Products : deep_security_agent
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-30641

    A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execut... Read more

    Affected Products : deep_security_agent
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-30640

    A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s... Read more

    Affected Products : deep_security_agent
    • Published: Jun. 17, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-5141

    A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix ... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-49847

    llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cp... Read more

    Affected Products : llama.cpp llama.cpp
    • Published: Jun. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 2.9

    LOW
    CVE-2025-45526

    A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class.... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-45525

    A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the resu... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-30680

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects t... Read more

    Affected Products : apex_central
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-30679

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.... Read more

    Affected Products : apex_central
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-30678

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.... Read more

    Affected Products : apex_central
    • Published: Jun. 17, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 291825 Results