Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-7731

    Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read ... Read more

    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-6507

    A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The... Read more

    Affected Products : h2o
    • Published: Sep. 01, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-28182

    nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This ... Read more

    Affected Products : fedora debian_linux nghttp2
    • Published: Apr. 04, 2024
    • Modified: Sep. 02, 2025

  • 7.5

    HIGH
    CVE-2022-26083

    Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.... Read more

    • Published: Feb. 14, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2024-28952

    Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Nov. 13, 2024
    • Modified: Sep. 02, 2025

  • 8.2

    HIGH
    CVE-2024-32483

    Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : endpoint_management_assistant
    • Published: Nov. 13, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-29191

    gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src... Read more

    Affected Products : go2rtc
    • Published: Apr. 04, 2024
    • Modified: Sep. 02, 2025

  • 6.8

    MEDIUM
    CVE-2024-47884

    foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits count... Read more

    Affected Products :
    • Published: Oct. 11, 2024
    • Modified: Sep. 02, 2025

  • 6.7

    MEDIUM
    CVE-2024-36245

    Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Nov. 13, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-37027

    Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Nov. 13, 2024
    • Modified: Sep. 02, 2025

  • 10.0

    CRITICAL
    CVE-2025-57819

    FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipul... Read more

    Affected Products : freepbx
    • Actively Exploited
    • Published: Aug. 28, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-30266

    wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at ru... Read more

    Affected Products : wasmtime
    • Published: Apr. 04, 2024
    • Modified: Sep. 02, 2025

  • 8.5

    HIGH
    CVE-2024-39283

    Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 14, 2024
    • Modified: Sep. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-2748

    A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability ... Read more

    Affected Products : enterprise_server
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.7

    MEDIUM
    CVE-2023-47855

    Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 8.2

    HIGH
    CVE-2023-45745

    Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 8.3

    HIGH
    CVE-2024-21801

    Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 14, 2024
    • Modified: Sep. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-33607

    Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 12, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-1908

    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the se... Read more

    Affected Products : enterprise_server
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-27290

    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has ... Read more

    Affected Products : docassemble
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025
Showing 20 of 292738 Results