Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-10224

    Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by pas... Read more

    Affected Products : debian_linux modules\
    • Published: Nov. 19, 2024
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2025-48382

    Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential informat... Read more

    Affected Products : fess
    • Published: May. 27, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-48495

    Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clic... Read more

    Affected Products : gokapi
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-48494

    Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename.... Read more

    Affected Products : gokapi
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2024-11586

    Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.... Read more

    Affected Products : ubuntu_linux pulseaudio
    • Published: Nov. 23, 2024
    • Modified: Aug. 26, 2025

  • 3.8

    LOW
    CVE-2024-6156

    Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-4140

    An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.... Read more

    Affected Products : fedora email-mime
    • Published: May. 02, 2024
    • Modified: Aug. 26, 2025

  • 8.1

    HIGH
    CVE-2024-5138

    The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to... Read more

    Affected Products : snapd
    • Published: May. 31, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2021-3899

    There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.... Read more

    Affected Products : ubuntu_linux apport
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.4

    HIGH
    CVE-2022-0555

    Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions... Read more

    Affected Products : subiquity
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.3

    CRITICAL
    CVE-2020-27352

    When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemo... Read more

    Affected Products : ubuntu_linux snapd
    • Published: Jun. 21, 2024
    • Modified: Aug. 26, 2025

  • 6.3

    MEDIUM
    CVE-2024-37894

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.... Read more

    Affected Products : squid
    • Published: Jun. 25, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2023-48733

    An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.... Read more

    Affected Products : debian_linux edk2 lxd
    • EPSS Score: %0.01
    • Published: Feb. 14, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2023-49721

    An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.... Read more

    Affected Products : edk2 lxd
    • EPSS Score: %0.02
    • Published: Feb. 14, 2024
    • Modified: Aug. 26, 2025

  • 4.9

    MEDIUM
    CVE-2023-7207

    Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.... Read more

    Affected Products : cpio
    • Published: Feb. 29, 2024
    • Modified: Aug. 26, 2025

  • 2.8

    LOW
    CVE-2024-2314

    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not a... Read more

    • Published: Mar. 10, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-28242

    Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. U... Read more

    Affected Products : discourse
    • Published: Mar. 15, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2024-29199

    Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticate... Read more

    Affected Products : nautobot
    • Published: Mar. 26, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-3250

    It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also... Read more

    Affected Products : pebble
    • Published: Apr. 04, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2024-2312

    GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.... Read more

    Affected Products : bootstrap_os hci_compute_node grub2
    • Published: Apr. 05, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 292001 Results