Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-9135

    A vulnerability was detected in Verkehrsauskunft Österreich SmartRide, cleVVVer and BusBahnBim up to 12.1.1(258). The impacted element is an unknown function of the file AndroidManifest.xml. The manipulation results in improper export of android applicati... Read more

    Affected Products : smartride
    • Published: Aug. 19, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-55835

    File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-55996

    Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-10319

    A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be ... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-10274

    A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-10273

    A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be use... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-54258

    Substance3D - Modeler versions 1.22.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must o... Read more

    Affected Products : substance_3d_modeler
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54259

    Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : substance_3d_modeler
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-54260

    Substance3D - Modeler versions 1.22.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to... Read more

    Affected Products : substance_3d_modeler
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-9136

    A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgradin... Read more

    Affected Products : retroarch
    • Published: Aug. 19, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-55226

    Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-55225

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.8

    HIGH
    CVE-2025-8672

    MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary com... Read more

    Affected Products : macos gimp
    • Published: Aug. 11, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-55224

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.0

    HIGH
    CVE-2025-55223

    Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.8

    HIGH
    CVE-2025-55317

    Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : autoupdate
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.8

    HIGH
    CVE-2025-55316

    External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : azure_connected_machine_agent
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.8

    HIGH
    CVE-2025-55245

    Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : xbox_gaming_services
    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 7.8

    HIGH
    CVE-2025-55236

    Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025

  • 9.8

    CRITICAL
    CVE-2025-55234

    SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already ... Read more

    • Published: Sep. 09, 2025
    • Modified: Sep. 12, 2025
Showing 20 of 293565 Results