Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2024-45061

    A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious... Read more

    Affected Products : observium
    • Published: Jan. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2024-47002

    A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.... Read more

    Affected Products : observium
    • Published: Jan. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-22129

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.173624... Read more

    Affected Products : tuleap
    • Published: Feb. 03, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2024-47140

    A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provid... Read more

    Affected Products : observium
    • Published: Jan. 15, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-52599

    Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability t... Read more

    Affected Products : tuleap
    • Published: Dec. 09, 2024
    • Modified: Aug. 22, 2025

  • 7.5

    HIGH
    CVE-2025-36512

    A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database inst... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-36520

    A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerab... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-46354

    A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger th... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-48498

    A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol buffer message can lead to a denial of service. An atta... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-35966

    A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instanc... Read more

    Affected Products : comdb2
    • Published: Jul. 22, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-50738

    The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interactio... Read more

    Affected Products : memos
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2023-32701

    Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.... Read more

    Affected Products : qnx_software_development_platform
    • EPSS Score: %0.09
    • Published: Nov. 14, 2023
    • Modified: Aug. 22, 2025

  • 8.1

    HIGH
    CVE-2021-32025

    An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2... Read more

    • EPSS Score: %0.03
    • Published: Mar. 10, 2022
    • Modified: Aug. 22, 2025

  • 9.8

    CRITICAL
    CVE-2021-22156

    An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.... Read more

    • EPSS Score: %0.65
    • Published: Aug. 17, 2021
    • Modified: Aug. 22, 2025

  • 10.0

    CRITICAL
    CVE-2020-6932

    An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executabl... Read more

    Affected Products : qnx_software_development_platform
    • EPSS Score: %3.63
    • Published: Aug. 12, 2020
    • Modified: Aug. 22, 2025

  • 7.8

    HIGH
    CVE-2019-8998

    An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potential... Read more

    Affected Products : qnx_software_development_platform
    • EPSS Score: %0.05
    • Published: Jul. 12, 2019
    • Modified: Aug. 22, 2025

  • 8.2

    HIGH
    CVE-2024-29072

    A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can r... Read more

    • Published: May. 28, 2024
    • Modified: Aug. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-24798

    Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2025-53637

    Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull reque... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 10, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2024-47065

    Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote... Read more

    Affected Products : meshtastic_firmware
    • Published: Jul. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291570 Results