Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.7

    MEDIUM
    CVE-2025-27488

    Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 7.0

    HIGH
    CVE-2025-27468

    Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-26685

    Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network....

    Affected Products : defender_for_identity
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authentication
  • 6.7

    MEDIUM
    CVE-2025-26684

    External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally....

    Affected Products : defender_for_endpoint
    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2025-26677

    Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-24063

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Memory Corruption
  • 7.1

    HIGH
    CVE-2025-21264

    Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally....

    • Published: May. 13, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Authorization
  • 7.3

    HIGH
    CVE-2025-0035

    Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution....

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 6.9

    MEDIUM
    CVE-2024-6364

    A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate...

    Affected Products : persistence
    • Published: May. 13, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2024-36339

    A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution....

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2024-36321

    Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution....

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 7.3

    HIGH
    CVE-2024-21960

    Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution....

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-4428

    Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests....

    Affected Products : endpoint_manager_mobile
    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-4427

    An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API....

    Affected Products : endpoint_manager_mobile
    • Actively Exploited
    • Published: May. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authentication
  • 1.8

    LOW
    CVE-2025-47278

    Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by ...

    Affected Products : flask
    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography
  • 7.5

    HIGH
    CVE-2025-47276

    Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password h...

    • Published: May. 13, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cryptography
  • 6.1

    MEDIUM
    CVE-2025-47204

    An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective ...

    Affected Products : bootstrap_multiselect
    • Published: May. 13, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-46721

    nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass ...

    Affected Products : nosurf
    • Published: May. 13, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.8

    CRITICAL
    CVE-2025-45858

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function....

    Affected Products : a3002r_firmware a3002r
    • Published: May. 13, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-45857

    EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function....

    Affected Products : cv-7428ns_firmware cv-7428ns
    • Published: May. 13, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
Showing 20 of 293641 Results