Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2024-32212

    SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components.... Read more

    Affected Products : lomag_warehouse_management
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 5.3

    MEDIUM
    CVE-2024-52313

    An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.al... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 6.9

    MEDIUM
    CVE-2024-52314

    A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with c... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 6.3

    MEDIUM
    CVE-2024-52311

    Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 5.3

    MEDIUM
    CVE-2024-10953

    An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 7.1

    HIGH
    CVE-2024-33429

    Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.... Read more

    Affected Products : phiola
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 8.6

    HIGH
    CVE-2024-12744

    A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30... Read more

    • Published: Dec. 24, 2024
    • Modified: Sep. 19, 2025

  • 8.8

    HIGH
    CVE-2024-33430

    An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.... Read more

    Affected Products : phiola
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 7.8

    HIGH
    CVE-2025-8893

    A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the cont... Read more

    • Published: Sep. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-8894

    A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context... Read more

    • Published: Sep. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-33431

    An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.... Read more

    Affected Products : phiola
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 8.8

    HIGH
    CVE-2024-4215

    pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within... Read more

    Affected Products : fedora pgadmin pgadmin_4
    • Published: May. 02, 2024
    • Modified: Sep. 19, 2025

  • 7.4

    HIGH
    CVE-2024-4216

    pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.... Read more

    Affected Products : fedora pgadmin pgadmin_4
    • Published: May. 02, 2024
    • Modified: Sep. 19, 2025

  • 5.3

    MEDIUM
    CVE-2024-34408

    Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file.... Read more

    Affected Products : tencent libpag
    • Published: May. 03, 2024
    • Modified: Sep. 19, 2025

  • 9.0

    CRITICAL
    CVE-2024-0087

    NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, ... Read more

    • Published: May. 14, 2024
    • Modified: Sep. 19, 2025

  • 6.4

    MEDIUM
    CVE-2025-9851

    The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmind_calendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : appointmind
    • Published: Sep. 17, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-25153

    A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to ... Read more

    • Published: Mar. 13, 2024
    • Modified: Sep. 19, 2025

  • 8.1

    HIGH
    CVE-2024-0088

    NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering... Read more

    • Published: May. 14, 2024
    • Modified: Sep. 19, 2025

  • 9.1

    CRITICAL
    CVE-2025-10643

    Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this... Read more

    Affected Products : repairit
    • Published: Sep. 17, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2025-10644

    Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : repairit
    • Published: Sep. 17, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authentication
Showing 20 of 294799 Results