Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2023-0092

    An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.... Read more

    Affected Products : juju
    • Published: Jan. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-8037

    Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perf... Read more

    Affected Products : juju
    • Published: Oct. 02, 2024
    • Modified: Aug. 26, 2025

  • 5.7

    MEDIUM
    CVE-2024-42491

    Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion start... Read more

    Affected Products : asterisk asterisk certified_asterisk
    • Published: Sep. 05, 2024
    • Modified: Aug. 26, 2025

  • 9.4

    CRITICAL
    CVE-2024-47062

    Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furt... Read more

    Affected Products : navidrome
    • Published: Sep. 20, 2024
    • Modified: Aug. 26, 2025

  • 7.9

    HIGH
    CVE-2024-8038

    Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.... Read more

    Affected Products : juju
    • Published: Oct. 02, 2024
    • Modified: Aug. 26, 2025

  • 8.8

    HIGH
    CVE-2024-9313

    Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.... Read more

    Affected Products : authd
    • Published: Oct. 03, 2024
    • Modified: Aug. 26, 2025

  • 4.4

    MEDIUM
    CVE-2024-31227

    Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis ... Read more

    Affected Products : redis
    • Published: Oct. 07, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-9312

    Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.... Read more

    Affected Products : authd
    • Published: Oct. 10, 2024
    • Modified: Aug. 26, 2025

  • 8.7

    HIGH
    CVE-2024-7558

    JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID v... Read more

    Affected Products : juju
    • Published: Oct. 02, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-10224

    Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by pas... Read more

    Affected Products : debian_linux modules\
    • Published: Nov. 19, 2024
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2025-48382

    Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential informat... Read more

    Affected Products : fess
    • Published: May. 27, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-48495

    Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clic... Read more

    Affected Products : gokapi
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-48494

    Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename.... Read more

    Affected Products : gokapi
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2024-11586

    Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.... Read more

    Affected Products : ubuntu_linux pulseaudio
    • Published: Nov. 23, 2024
    • Modified: Aug. 26, 2025

  • 3.8

    LOW
    CVE-2024-6156

    Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-4140

    An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.... Read more

    Affected Products : fedora email-mime
    • Published: May. 02, 2024
    • Modified: Aug. 26, 2025

  • 8.1

    HIGH
    CVE-2024-5138

    The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to... Read more

    Affected Products : snapd
    • Published: May. 31, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2021-3899

    There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.... Read more

    Affected Products : ubuntu_linux apport
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.4

    HIGH
    CVE-2022-0555

    Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions... Read more

    Affected Products : subiquity
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.3

    CRITICAL
    CVE-2020-27352

    When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemo... Read more

    Affected Products : ubuntu_linux snapd
    • Published: Jun. 21, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 293284 Results