Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-5209

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted....

    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-4782

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs....

    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2024-4781

    A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted....

    • Published: Aug. 16, 2024
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2023-6603

    A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization....

    Affected Products : ffmpeg
    • Published: Dec. 31, 2024
    • Modified: Aug. 21, 2025
  • 4.8

    MEDIUM
    CVE-2023-38533

    A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the updat...

    Affected Products : tia_administrator
    • Published: Jun. 11, 2024
    • Modified: Aug. 21, 2025
  • 8.8

    HIGH
    CVE-2024-37905

    authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin acce...

    Affected Products : authentik
    • Published: Jun. 28, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9087

    A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overfl...

    Affected Products : ac20_firmware ac20
    • Published: Aug. 16, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9088

    A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiate...

    Affected Products : ac20_firmware ac20
    • Published: Aug. 16, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9089

    A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The ex...

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-9090

    A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The ex...

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025
  • 7.8

    HIGH
    CVE-2025-9091

    A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. ...

    Affected Products : ac20_firmware ac20
    • Published: Aug. 17, 2025
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-38371

    authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an applicat...

    Affected Products : authentik
    • Published: Jun. 28, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2023-6247

    The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing....

    Affected Products : openvpn openvpn_3
    • Published: Feb. 29, 2024
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2024-34478

    btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigne...

    Affected Products : btcd
    • Published: May. 05, 2024
    • Modified: Aug. 21, 2025
  • 3.9

    LOW
    CVE-2024-31636

    An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component....

    Affected Products : lief
    • Published: May. 03, 2024
    • Modified: Aug. 21, 2025
  • 8.2

    HIGH
    CVE-2025-32988

    A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will cal...

    • Published: Jul. 10, 2025
    • Modified: Aug. 21, 2025
  • 5.3

    MEDIUM
    CVE-2024-2641

    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization....

    • Published: Mar. 19, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2025-57734

    In JetBrains TeamCity before 2025.07.1, AWS credentials were exposed in Docker script files...

    Affected Products : teamcity
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
  • 7.5

    HIGH
    CVE-2024-2642

    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. T...

    • Published: Mar. 19, 2024
    • Modified: Aug. 21, 2025
  • 8.5

    HIGH
    CVE-2025-23365

    A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to es...

    Affected Products : tia_administrator
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025