Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.8

    MEDIUM
    CVE-2025-2600

    Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affec...

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2024-12670

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the c...

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025
  • 4.9

    MEDIUM
    CVE-2017-9369

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher priv...

    Affected Products : qnx_software_development_platform
    • Published: Nov. 14, 2017
    • Modified: Aug. 26, 2025
  • 7.5

    HIGH
    CVE-2017-3892

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack b...

    Affected Products : qnx_software_development_platform
    • Published: Nov. 14, 2017
    • Modified: Aug. 26, 2025
  • 8.8

    HIGH
    CVE-2025-0928

    In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the d...

    Affected Products : juju
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 4.9

    MEDIUM
    CVE-2024-56197

    Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagge...

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-53513

    The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain acc...

    Affected Products : juju
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-53512

    The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information....

    Affected Products : juju
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2025-52521

    Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own....

    • Published: Jul. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 9.0

    CRITICAL
    CVE-2025-53835

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the `xdom+xml/current...

    Affected Products : xwiki xwiki-rendering
    • Published: Jul. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-53014

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that caus...

    Affected Products : imagemagick
    • Published: Jul. 14, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption
  • 9.9

    CRITICAL
    CVE-2025-53836

    XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro...

    Affected Products : xwiki xwiki-rendering
    • Published: Jul. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-53895

    ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, a vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they kno...

    Affected Products : zitadel
    • Published: Jul. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2024-39835

    A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-suppl...

    • Published: Jul. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2024-39289

    A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-suppl...

    • Published: Jul. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2024-41148

    A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a t...

    • Published: Jul. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2024-41921

    A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a RO...

    • Published: Jul. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-3753

    A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-suppli...

    • Published: Jul. 17, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2022-28653

    Users can consume unlimited disk space in /var/crash...

    Affected Products : apport
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service
  • 3.1

    LOW
    CVE-2020-11936

    gdbus setgid privilege escalation...

    Affected Products : apport
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
Showing 20 of 293186 Results