Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2024-2379

    libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certi... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 3.4

    LOW
    CVE-2025-0167

    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-5025

    libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, f... Read more

    Affected Products : curl
    • Published: May. 28, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-5399

    Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the ... Read more

    Affected Products : curl
    • Published: Jun. 07, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-0665

    libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31181

    A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31180

    A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-31179

    A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31178

    A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-31176

    A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2024-9858

    There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" com... Read more

    Affected Products : migrate_to_containers
    • Published: Oct. 16, 2024
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2023-0669

    Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Actively Exploited
    • EPSS Score: %94.38
    • Published: Feb. 06, 2023
    • Modified: Jul. 30, 2025

  • 3.3

    LOW
    CVE-2023-26083

    Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Dri... Read more

    • Actively Exploited
    • EPSS Score: %0.36
    • Published: Apr. 06, 2023
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2023-35674

    In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • Actively Exploited
    • EPSS Score: %0.06
    • Published: Sep. 11, 2023
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-20353

    A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, result... Read more

    • Actively Exploited
    • Published: Apr. 24, 2024
    • Modified: Jul. 30, 2025

  • 6.0

    MEDIUM
    CVE-2024-20359

    A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticat... Read more

    • Actively Exploited
    • Published: Apr. 24, 2024
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-24919

    Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available... Read more

    • Actively Exploited
    • Published: May. 28, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-3273

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET ... Read more

    • Actively Exploited
    • Published: Apr. 04, 2024
    • Modified: Jul. 30, 2025

  • 10.0

    CRITICAL
    CVE-2024-51378

    getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which... Read more

    Affected Products : cyberpanel
    • Actively Exploited
    • Published: Oct. 29, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-58136

    Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.... Read more

    Affected Products : yii
    • Actively Exploited
    • Published: Apr. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291783 Results