Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2024-29072

    A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can r... Read more

    • Published: May. 28, 2024
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-24798

    Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025

  • 8.0

    HIGH
    CVE-2025-53637

    Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull reque... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2024-47065

    Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 11, 2025
    • Modified: Aug. 22, 2025

  • 4.6

    MEDIUM
    CVE-2025-27401

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports ... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-24029

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has b... Read more

    Affected Products : tuleap
    • Published: Feb. 03, 2025
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2024-36123

    Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namesp... Read more

    Affected Products : citizen
    • Published: Jun. 03, 2024
    • Modified: Aug. 22, 2025

  • 5.4

    MEDIUM
    CVE-2025-27156

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indire... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-27150

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by s... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025

  • 7.8

    HIGH
    CVE-2022-1242

    Apport can be tricked into connecting to arbitrary sockets as the root user... Read more

    Affected Products : ubuntu_linux apport
    • Published: Jun. 03, 2024
    • Modified: Aug. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-37167

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.... Read more

    Affected Products : tuleap
    • Published: Jun. 25, 2024
    • Modified: Aug. 22, 2025

  • 4.6

    MEDIUM
    CVE-2025-27402

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or upd... Read more

    Affected Products : tuleap
    • Published: Mar. 04, 2025
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-1305

    tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space... Read more

    • Published: Jul. 08, 2024
    • Modified: Aug. 22, 2025

  • 5.3

    MEDIUM
    CVE-2025-52899

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form a... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025

  • 4.3

    MEDIUM
    CVE-2025-53902

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially acce... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025

  • 7.8

    HIGH
    CVE-2025-8672

    MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary com... Read more

    Affected Products : macos gimp
    • Published: Aug. 11, 2025
    • Modified: Aug. 22, 2025

  • 4.3

    MEDIUM
    CVE-2025-54129

    HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response when requesting... Read more

    Affected Products : haxcms-php haxcms-nodejs haxiam
    • Published: Jul. 21, 2025
    • Modified: Aug. 22, 2025

  • 7.3

    HIGH
    CVE-2025-54137

    HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys... Read more

    Affected Products : haxcms-php haxcms-nodejs
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025

  • 6.1

    MEDIUM
    CVE-2025-54139

    HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other... Read more

    Affected Products : haxcms-php haxcms-nodejs haxcms-php
    • Published: Jul. 23, 2025
    • Modified: Aug. 22, 2025

  • 7.5

    HIGH
    CVE-2024-12812

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 is affected by an IDOR issue where employees can manipulate parameters to access the data of terminated employees.... Read more

    Affected Products : wp_erp
    • Published: May. 15, 2025
    • Modified: Aug. 22, 2025
Showing 20 of 290955 Results