Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-21444

    Memory corruption while copying the result to the transmission queue in EMAC.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21426

    Memory corruption while processing camera TPG write request.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-47189

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392.... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-27051

    Memory corruption while processing command message in WLAN Host.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27044

    Memory corruption while executing timestamp video decode command with large input values.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27058

    Memory corruption while processing packet data with exceedingly large packet.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-27056

    Memory corruption during sub-system restart while processing clean-up to free up resources.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2024-45244

    Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.... Read more

    Affected Products : fabric
    • Published: Aug. 25, 2024
    • Modified: Jul. 21, 2025

  • 6.8

    MEDIUM
    CVE-2025-1121

    Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted ... Read more

    Affected Products : chrome_os
    • Published: Mar. 07, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-25257

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker ... Read more

    Affected Products : fortiweb
    • Actively Exploited
    • Published: Jul. 17, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-38435

    Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service... Read more

    Affected Products : visilogic vision_plc
    • Published: Jul. 21, 2024
    • Modified: Jul. 21, 2025

  • 4.7

    MEDIUM
    CVE-2025-25287

    Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires hig... Read more

    Affected Products :
    • Published: Feb. 13, 2025
    • Modified: Jul. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-52615

    A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.... Read more

    Affected Products : avahi
    • Published: Nov. 21, 2024
    • Modified: Jul. 21, 2025

  • 8.8

    HIGH
    CVE-2025-52089

    A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.... Read more

    Affected Products : n300rb_firmware n300rb
    • Published: Jul. 11, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-25568

    SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no u... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-25567

    SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself through the UI,... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-25566

    Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a com... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-25565

    SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command... Read more

    Affected Products : vpn
    • Published: Mar. 12, 2025
    • Modified: Jul. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-53821

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via t... Read more

    Affected Products : wegia
    • Published: Jul. 14, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2024-12777

    A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. ... Read more

    Affected Products : aim
    • Published: Mar. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291384 Results