Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-12199

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o... Read more

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11608

    A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11454

    A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11422

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o... Read more

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025

  • 9.0

    CRITICAL
    CVE-2025-27507

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM... Read more

    Affected Products : zitadel
    • Published: Mar. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-41147

    An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulner... Read more

    Affected Products : miniaudio
    • Published: Mar. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-27515

    Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1.... Read more

    Affected Products : framework
    • Published: Mar. 05, 2025
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2022-1804

    accountsservice no longer drops permissions when writting .pam_environment... Read more

    Affected Products : ubuntu_linux accountsservice
    • Published: Mar. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2023-0881

    Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to ... Read more

    Affected Products : linux-bluefield
    • Published: Mar. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-31123

    Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This a... Read more

    Affected Products : zitadel
    • Published: Mar. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2024-55948

    Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects ... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-36727

    Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.... Read more

    Affected Products : simplehelp
    • Published: Jul. 25, 2025
    • Modified: Aug. 26, 2025

  • 8.2

    HIGH
    CVE-2024-47773

    Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been ... Read more

    Affected Products : discourse
    • Published: Oct. 08, 2024
    • Modified: Aug. 26, 2025

  • 8.8

    HIGH
    CVE-2025-36728

    Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.... Read more

    Affected Products : simplehelp
    • Published: Jul. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-35227

    Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. T... Read more

    Affected Products : discourse
    • Published: Jul. 03, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2025-54380

    Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials (ie: org.opencastproject.security.digest.user an... Read more

    Affected Products : opencast
    • Published: Jul. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-27100

    Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to ex... Read more

    Affected Products : discourse
    • Published: Mar. 15, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-27085

    Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Dis... Read more

    Affected Products : discourse
    • Published: Mar. 15, 2024
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2025-54574

    Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work ar... Read more

    Affected Products : squid
    • Published: Aug. 01, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-54424

    1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificat... Read more

    Affected Products : 1panel
    • Published: Aug. 01, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authentication
Showing 20 of 293306 Results