Latest CVE Feed
- 7.5 HIGH CVE-2017-3892
  In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack b...
  - Affected Products: qnx_software_development_platform
  - Published: Nov. 14, 2017
  - Modified: Aug. 26, 2025
- 8.8 HIGH CVE-2025-0928
  In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the d...
  - Affected Products: juju
  - Published: Jul. 08, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 4.9 MEDIUM CVE-2024-56197
  Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagge...
  - Affected Products: discourse
  - Published: Feb. 04, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Information Disclosure
- 8.8 HIGH CVE-2025-53513
  The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain acc...
  - Affected Products: juju
  - Published: Jul. 08, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 6.5 MEDIUM CVE-2025-53512
  The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information....
  - Affected Products: juju
  - Published: Jul. 08, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 7.8 HIGH CVE-2025-52521
  Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own....
  - Published: Jul. 10, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 9.0 CRITICAL CVE-2025-53835
  XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the `xdom+xml/current...
  - Published: Jul. 14, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- 9.8 CRITICAL CVE-2025-53014
  ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that caus...
  - Affected Products: imagemagick
  - Published: Jul. 14, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Memory Corruption
- 9.9 CRITICAL CVE-2025-53836
  XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro...
  - Published: Jul. 15, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 8.8 HIGH CVE-2025-53895
  ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, a vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they kno...
  - Affected Products: zitadel
  - Published: Jul. 15, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 7.8 HIGH CVE-2024-39835
  A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-suppl...
  - Published: Jul. 17, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- 7.8 HIGH CVE-2024-39289
  A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-suppl...
  - Published: Jul. 17, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- 7.8 HIGH CVE-2024-41148
  A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a t...
  - Published: Jul. 17, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- 7.8 HIGH CVE-2024-41921
  A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a RO...
  - Published: Jul. 17, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- 7.8 HIGH CVE-2025-3753
  A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-suppli...
  - Published: Jul. 17, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- 7.5 HIGH CVE-2022-28653
  Users can consume unlimited disk space in /var/crash...
  - Affected Products: apport
  - Published: Jan. 31, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Denial of Service
- 3.1 LOW
  - Published: Jan. 31, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 9.8 CRITICAL CVE-2022-1736
  Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default....
  - Published: Jan. 31, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Misconfiguration
- 4.9 MEDIUM CVE-2023-0092
  An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem....
  - Affected Products: juju
  - Published: Jan. 31, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- 6.5 MEDIUM CVE-2024-8037
  Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perf...
  - Affected Products: juju
  - Published: Oct. 02, 2024
  - Modified: Aug. 26, 2025