Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.0

    LOW
    CVE-2025-52136

    In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability... Read more

    Affected Products : emqx
    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-45765

    ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions ... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-30405

    An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-30404

    An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9d... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-2082

    Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The... Read more

    Affected Products : model_3_firmware model_3
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-13943

    Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2024-6029

    Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnera... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2024-6032

    Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the targ... Read more

    Affected Products : model_s_firmware model_s
    • Published: Apr. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-11611

    AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is require... Read more

    • Published: Jan. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-11610

    AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction is require... Read more

    • Published: Jan. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-11609

    AutomationDirect C-More EA9 EAP9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. User interaction ... Read more

    • Published: Jan. 30, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2023-39478

    Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authe... Read more

    Affected Products : secure_integration_server
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 8.8

    HIGH
    CVE-2023-39479

    Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to expl... Read more

    Affected Products : secure_integration_server
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2023-39480

    Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authenticati... Read more

    Affected Products : secure_integration_server
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 3.1

    LOW
    CVE-2023-5600

    An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific referenc... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2024-4994

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading ... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-4025

    A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted ... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 9.9

    CRITICAL
    CVE-2025-5121

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-2443

    An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before ... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-7586

    An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 291255 Results