Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2023-49721

    An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.... Read more

    Affected Products : edk2 lxd
    • Published: Feb. 14, 2024
    • Modified: Aug. 26, 2025

  • 4.9

    MEDIUM
    CVE-2023-7207

    Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.... Read more

    Affected Products : cpio
    • Published: Feb. 29, 2024
    • Modified: Aug. 26, 2025

  • 2.8

    LOW
    CVE-2024-2314

    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not a... Read more

    • Published: Mar. 10, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-28242

    Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. U... Read more

    Affected Products : discourse
    • Published: Mar. 15, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2024-29199

    Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticate... Read more

    Affected Products : nautobot
    • Published: Mar. 26, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-3250

    It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also... Read more

    Affected Products : pebble
    • Published: Apr. 04, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2024-2312

    GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.... Read more

    Affected Products : bootstrap_os hci_compute_node grub2
    • Published: Apr. 05, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2025-31124

    Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt ... Read more

    Affected Products : zitadel
    • Published: Mar. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-12199

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o... Read more

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11608

    A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11454

    A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11422

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o... Read more

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025

  • 9.0

    CRITICAL
    CVE-2025-27507

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM... Read more

    Affected Products : zitadel
    • Published: Mar. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-41147

    An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulner... Read more

    Affected Products : miniaudio
    • Published: Mar. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-27515

    Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.... Read more

    Affected Products : framework
    • Published: Mar. 05, 2025
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2022-1804

    accountsservice no longer drops permissions when writting .pam_environment... Read more

    Affected Products : ubuntu_linux accountsservice
    • Published: Mar. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2023-0881

    Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to ... Read more

    Affected Products : linux-bluefield
    • Published: Mar. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-31123

    Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This a... Read more

    Affected Products : zitadel
    • Published: Mar. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2024-55948

    Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects ... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-36727

    Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.... Read more

    Affected Products : simplehelp
    • Published: Jul. 25, 2025
    • Modified: Aug. 26, 2025
Showing 20 of 293262 Results