Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-43243

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-43224

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or ... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-43223

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. A non-privileged ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-43222

    A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An attacker may be able to cause unexpected app termination.... Read more

    Affected Products : macos ipados
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-54528

    In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.5

    HIGH
    CVE-2025-54529

    In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.1

    HIGH
    CVE-2025-0651

    Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges  can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Rese... Read more

    Affected Products : warp
    • Published: Jan. 22, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2020-3122

    A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.... Read more

    • Published: Mar. 04, 2025
    • Modified: Jul. 31, 2025
  • 6.1

    MEDIUM
    CVE-2024-20258

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. Th... Read more

    • Published: May. 15, 2024
    • Modified: Jul. 31, 2025
  • 6.5

    MEDIUM
    CVE-2025-0143

    Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.... Read more

    • Published: Jan. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-54530

    In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization
  • 9.4

    CRITICAL
    CVE-2025-54531

    In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2024-12389

    A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal
  • 4.9

    MEDIUM
    CVE-2025-53023

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols... Read more

    Affected Products : mysql_server mysql_cluster
    • Published: Jul. 15, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2024-12390

    A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exp... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2024-12391

    A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressi... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2024-12392

    A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerabi... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Server-Side Request Forgery
  • 8.8

    HIGH
    CVE-2025-54536

    In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.5

    HIGH
    CVE-2025-8262

    A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expre... Read more

    Affected Products : yarn
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service
  • 5.9

    MEDIUM
    CVE-2023-2593

    A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the s... Read more

    Affected Products : linux_kernel
    • Published: Jul. 30, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291360 Results