Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2025-34290

    Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs fi... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Race Condition

  • 8.5

    HIGH
    CVE-2025-68055

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-53000

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF ... Read more

    Affected Products : nbconvert
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2023-53973

    Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quaranti... Read more

    Affected Products : total_security
    • Published: Dec. 22, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-14305

    ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated local attackers can replace ListCheck.exe with a malicious executable of the same name, which will be executed by the system and result in privilege escalation.... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-68053

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through <= 1.3.4.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-64465

    There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a ... Read more

    Affected Products : labview
    • Published: Dec. 18, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-67950

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-64461

    There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to g... Read more

    Affected Products : labview
    • Published: Dec. 18, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-68054

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Vid... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2023-53912

    USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives ... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-34417

    MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integri... Read more

    Affected Products : mailenable
    • Published: Dec. 10, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-34421

    MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integri... Read more

    Affected Products : mailenable
    • Published: Dec. 10, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2020-36879

    Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerabi... Read more

    Affected Products : diskboss diskboss
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-34352

    JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged creat... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Race Condition

  • 8.5

    HIGH
    CVE-2025-13152

    A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.... Read more

    Affected Products : one_client
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-12046

    A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.... Read more

    Affected Products : app_store browser
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2024-58278

    perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to byp... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-62093

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows SQL Injection.This issue affects Image&Video FullScreen Background:... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-34422

    MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integri... Read more

    Affected Products : mailenable
    • Published: Dec. 10, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 5287 Results