Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-8584

    A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Lo... Read more

    Affected Products : libav
    • Published: Aug. 05, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-32981

    Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inje... Read more

    Affected Products : framework
    • Published: Jul. 17, 2024
    • Modified: Sep. 04, 2025

  • 8.0

    HIGH
    CVE-2024-2469

    An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 a... Read more

    Affected Products : enterprise_server
    • Published: Mar. 20, 2024
    • Modified: Sep. 04, 2025

  • 7.7

    HIGH
    CVE-2024-32477

    Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between `libc::tcflush(0, libc::TCIFLUSH)` and reading standard input, it's possible to manipulate the permission prompt and force it... Read more

    Affected Products : deno
    • Published: Apr. 18, 2024
    • Modified: Sep. 04, 2025

  • 4.9

    MEDIUM
    CVE-2025-9162

    A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injectio... Read more

    Affected Products : keycloak
    • Published: Aug. 21, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-8419

    A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the att... Read more

    Affected Products : keycloak
    • Published: Aug. 06, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-55621

    An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional beh... Read more

    Affected Products : reolink
    • Published: Aug. 22, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-43689

    Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.... Read more

    • Published: Oct. 21, 2024
    • Modified: Sep. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-32473

    Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks whe... Read more

    Affected Products : moby
    • Published: Apr. 18, 2024
    • Modified: Sep. 04, 2025

  • 4.3

    MEDIUM
    CVE-2024-29885

    silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for th... Read more

    Affected Products : silverstripe reports
    • Published: Jul. 17, 2024
    • Modified: Sep. 04, 2025

  • 5.3

    MEDIUM
    CVE-2024-38353

    CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD ... Read more

    Affected Products : codimd
    • Published: Jul. 10, 2024
    • Modified: Sep. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-32467

    MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.... Read more

    Affected Products : metersphere
    • Published: Apr. 25, 2024
    • Modified: Sep. 04, 2025

  • 7.7

    HIGH
    CVE-2024-39701

    Directus is a real-time API and App dashboard for managing SQL database content. Directus >=9.23.0, <=v10.5.3 improperly handles _in, _nin operators. It evaluates empty arrays as valid so expressions like {"role": {"_in": $CURRENT_USER.some_field}} would ... Read more

    Affected Products : directus
    • Published: Jul. 08, 2024
    • Modified: Sep. 04, 2025

  • 9.1

    CRITICAL
    CVE-2024-32880

    pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution. There is no fix available at the time of publicatio... Read more

    Affected Products : pyload
    • Published: Apr. 26, 2024
    • Modified: Sep. 04, 2025

  • 9.0

    CRITICAL
    CVE-2024-31225

    RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a size check before copying data to the `_result_buf` stati... Read more

    Affected Products : riot riot
    • Published: May. 01, 2024
    • Modified: Sep. 04, 2025

  • 5.3

    MEDIUM
    CVE-2024-31223

    Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL... Read more

    Affected Products : fides
    • Published: Jul. 03, 2024
    • Modified: Sep. 04, 2025

  • 7.1

    HIGH
    CVE-2024-53271

    Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1... Read more

    Affected Products : envoy
    • Published: Dec. 18, 2024
    • Modified: Sep. 04, 2025

  • 7.1

    HIGH
    CVE-2025-24030

    Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies man... Read more

    Affected Products : gateway
    • Published: Jan. 23, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal

  • 9.4

    CRITICAL
    CVE-2024-28253

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`.... Read more

    Affected Products : openmetadata
    • Published: Mar. 15, 2024
    • Modified: Sep. 04, 2025

  • 5.3

    MEDIUM
    CVE-2025-25294

    Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnera... Read more

    Affected Products : gateway
    • Published: Mar. 06, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292862 Results