Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-5943

    MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulne... Read more

    Affected Products : dicom_viewer
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43588

    Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : substance_3d_sampler
    • Published: Jun. 10, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-43581

    Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mus... Read more

    Affected Products : substance_3d_sampler
    • Published: Jun. 10, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-36580

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabilit... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-36578

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-36577

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabilit... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-36576

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-36575

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information dis... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-36574

    Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access... Read more

    Affected Products : wyse_management_suite
    • Published: Jun. 10, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Path Traversal

  • 6.6

    MEDIUM
    CVE-2025-2884

    TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standar... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 13, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-2474

    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.... Read more

    Affected Products : qnx_software_development_platform
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-0052

    Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.... Read more

    Affected Products : purity
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-0051

    Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.... Read more

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-37396

    A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to th... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-37395

    A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. Th... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-37394

    A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. T... Read more

    Affected Products : redcap
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-5970

    A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to cross s... Read more

    Affected Products : restaurant_table_booking_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-5969

    A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buf... Read more

    Affected Products : dir-632_firmware dir-632
    • Published: Jun. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-47977

    Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2025-47969

    Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.... Read more

    • Published: Jun. 10, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291384 Results