Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-55921

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-55920

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-55894

    TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Addit... Read more

    Affected Products : typo3
    • Published: Jan. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-30355

    Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been f... Read more

    Affected Products : synapse
    • Published: Mar. 27, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-24916

    Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).... Read more

    Affected Products : windows smartconsole
    • Published: Jun. 19, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2024-48988

    SQL Injection vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. This vulnerability is present only in the distribution package (... Read more

    Affected Products : streampark
    • Published: Aug. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-55194

    Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server ... Read more

    Affected Products : part-db
    • Published: Aug. 13, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-50422

    Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.... Read more

    Affected Products : cairo
    • Published: Aug. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-48964

    ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer ove... Read more

    Affected Products : iputils
    • Published: Jul. 22, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-46686

    Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because... Read more

    Affected Products : redis
    • Published: Jul. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2025-45854

    /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.... Read more

    Affected Products : jehc-bpm
    • Published: Jun. 03, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-45764

    jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the defau... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-45525

    A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the resu... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-0296

    A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initiate the a... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-0295

    A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripti... Read more

    Affected Products : online_book_shop online_book_shop
    • Published: Jan. 07, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-7993

    A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the ... Read more

    Affected Products : revit
    • Published: Oct. 16, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-7674

    A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current pro... Read more

    • Published: Sep. 30, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-7672

    A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrar... Read more

    • Published: Sep. 30, 2024
    • Modified: Aug. 26, 2025

  • 4.9

    MEDIUM
    CVE-2024-38360

    Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed... Read more

    Affected Products : discourse
    • Published: Jul. 15, 2024
    • Modified: Aug. 26, 2025

  • 8.8

    HIGH
    CVE-2024-6714

    An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.... Read more

    • Published: Jul. 23, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 292316 Results