Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-22156

    An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.... Read more

    • EPSS Score: %0.65
    • Published: Aug. 17, 2021
    • Modified: Aug. 22, 2025

  • 10.0

    CRITICAL
    CVE-2020-6932

    An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executabl... Read more

    Affected Products : qnx_software_development_platform
    • EPSS Score: %3.63
    • Published: Aug. 12, 2020
    • Modified: Aug. 22, 2025

  • 7.8

    HIGH
    CVE-2019-8998

    An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potential... Read more

    Affected Products : qnx_software_development_platform
    • EPSS Score: %0.05
    • Published: Jul. 12, 2019
    • Modified: Aug. 22, 2025

  • 8.2

    HIGH
    CVE-2024-29072

    A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can r... Read more

    • Published: May. 28, 2024
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-24798

    Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2025-53637

    Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull reque... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2024-47065

    Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 4.6

    MEDIUM
    CVE-2025-27401

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports ... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-24029

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has b... Read more

    Affected Products : tuleap
    • Published: Feb. 03, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-36123

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namesp... Read more

    Affected Products : citizen
    • Published: Jun. 03, 2024
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-27156

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indire... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-27150

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by s... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025

  • 7.8

    HIGH
    CVE-2022-1242

    Apport can be tricked into connecting to arbitrary sockets as the root user... Read more

    Affected Products : ubuntu_linux apport
    • Published: Jun. 03, 2024
    • Modified: Aug. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-37167

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.... Read more

    Affected Products : tuleap
    • Published: Jun. 25, 2024
    • Modified: Aug. 22, 2025

  • 4.6

    MEDIUM
    CVE-2025-27402

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or upd... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2024-1305

    tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space... Read more

    • Published: Jul. 08, 2024
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-52899

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form a... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-53902

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially acce... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-8672

    MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary com... Read more

    Affected Products : macos gimp
    • Published: Aug. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-54129

    HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting... Read more

    Affected Products : haxcms-php haxcms-nodejs haxiam
    • Published: Jul. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291722 Results