Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.7

    LOW
    CVE-2025-48946

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malf... Read more

    Affected Products : liboqs
    • Published: May. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cryptography

  • 7.1

    HIGH
    CVE-2024-41159

    A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to tr... Read more

    Affected Products : onenote
    • Published: Dec. 18, 2024
    • Modified: Aug. 25, 2025

  • 9.1

    CRITICAL
    CVE-2024-39804

    A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program... Read more

    Affected Products : powerpoint
    • Published: Dec. 18, 2024
    • Modified: Aug. 25, 2025

  • 4.7

    MEDIUM
    CVE-2024-43374

    The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (includ... Read more

    Affected Products : vim bootstrap_os hci_compute_node
    • Published: Aug. 16, 2024
    • Modified: Aug. 25, 2025

  • 8.4

    HIGH
    CVE-2024-1929

    Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The... Read more

    Affected Products : dnf5 dnf5
    • Published: May. 08, 2024
    • Modified: Aug. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-4949

    In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, a... Read more

    Affected Products : jgit
    • Published: May. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2025-41689

    An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.... Read more

    Affected Products :
    • Published: Aug. 19, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-7969

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-... Read more

    Affected Products : markdown-it
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-47184

    An XML external entities (XXE) injection vulnerability in the /init API endpoint in Exagid EX10 before 6.4.0 P20, 7.0.1 P12, and 7.2.0 P08 allows an authenticated, unprivileged attacker to achieve information disclosure and privilege escalation via a craf... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-22884

    Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file.... Read more

    Affected Products : ispsoft
    • Published: Apr. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-22882

    Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file.... Read more

    Affected Products : ispsoft
    • Published: Apr. 30, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 6.6

    MEDIUM
    CVE-2025-5915

    A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read b... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-20377

    A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is ... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 25, 2025

  • 7.8

    HIGH
    CVE-2025-33027

    In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this... Read more

    Affected Products : bandizip
    • Published: Apr. 15, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Misconfiguration

  • 4.4

    MEDIUM
    CVE-2022-41066

    Microsoft Business Central Information Disclosure Vulnerability... Read more

    • EPSS Score: %0.29
    • Published: Nov. 09, 2022
    • Modified: Aug. 25, 2025

  • 3.5

    LOW
    CVE-2025-31494

    AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+g... Read more

    Affected Products : autogpt autogpt_platform
    • Published: Apr. 15, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2023-52226

    Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.This issue affects Advanced Flamingo: from n/a through 1.0. ... Read more

    Affected Products : advanced-flamingo advanced_flamingo
    • Published: Feb. 28, 2024
    • Modified: Aug. 25, 2025

  • 7.8

    HIGH
    CVE-2023-35709

    Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulne... Read more

    Affected Products : cobalt
    • Published: May. 03, 2024
    • Modified: Aug. 25, 2025

  • 7.8

    HIGH
    CVE-2023-34310

    Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerabili... Read more

    Affected Products : cobalt
    • Published: May. 03, 2024
    • Modified: Aug. 25, 2025

  • 7.8

    HIGH
    CVE-2023-42105

    Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this v... Read more

    Affected Products : cobalt
    • Published: May. 03, 2024
    • Modified: Aug. 25, 2025
Showing 20 of 291617 Results