Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 2.1

    LOW
    CVE-2025-58352

    Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. Th... Read more

    Affected Products : weblate
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2025-58179

    Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image o... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.1

    MEDIUM
    CVE-2025-55739

    api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that insta... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-41206

    A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025
  • 8.8

    HIGH
    CVE-2024-41209

    A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025
  • 6.5

    MEDIUM
    CVE-2024-41217

    A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025
  • 6.5

    MEDIUM
    CVE-2024-49776

    A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025
  • 8.8

    HIGH
    CVE-2024-49777

    A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025
  • 8.8

    HIGH
    CVE-2024-49778

    A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more

    Affected Products : tsmuxer
    • Published: Nov. 14, 2024
    • Modified: Sep. 05, 2025
  • 6.5

    MEDIUM
    CVE-2024-52520

    Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server ... Read more

    Affected Products : nextcloud_server notes
    • Published: Nov. 15, 2024
    • Modified: Sep. 05, 2025
  • 5.7

    MEDIUM
    CVE-2024-52509

    Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and t... Read more

    Affected Products : mail notes
    • Published: Nov. 15, 2024
    • Modified: Sep. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-10934

    In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.... Read more

    Affected Products : openbsd openbsd
    • Published: Nov. 15, 2024
    • Modified: Sep. 04, 2025
  • 8.8

    HIGH
    CVE-2024-51503

    A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitim... Read more

    Affected Products : deep_security_agent
    • Published: Nov. 19, 2024
    • Modified: Sep. 04, 2025
  • 7.5

    HIGH
    CVE-2024-52802

    RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processin... Read more

    Affected Products : riot
    • Published: Nov. 22, 2024
    • Modified: Sep. 04, 2025
  • 6.1

    MEDIUM
    CVE-2025-55305

    Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass ... Read more

    Affected Products : electron
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
  • 9.0

    CRITICAL
    CVE-2025-55244

    Azure Bot Service Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_bot_service
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
  • 6.5

    MEDIUM
    CVE-2025-55242

    Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : xbox_gaming_services
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
  • 9.0

    CRITICAL
    CVE-2025-55241

    Azure Entra Elevation of Privilege Vulnerability... Read more

    Affected Products : microsoft_entra_id
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
  • 7.5

    HIGH
    CVE-2025-55238

    Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability... Read more

    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
  • 5.1

    MEDIUM
    CVE-2025-55209

    contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePB... Read more

    Affected Products :
    • Published: Sep. 04, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292516 Results