Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-24914

    Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.... Read more

    • Published: Nov. 07, 2024
    • Modified: Aug. 26, 2025

  • 9.8

    CRITICAL
    CVE-2024-39780

    A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue ... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-24827

    Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do ... Read more

    Affected Products : discourse
    • Published: Mar. 15, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-51751

    Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abu... Read more

    Affected Products : gradio
    • Published: Nov. 06, 2024
    • Modified: Aug. 26, 2025

  • 4.9

    MEDIUM
    CVE-2023-5616

    In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to ex... Read more

    Affected Products : ubuntu_linux control_center
    • Published: Apr. 15, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-49757

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Regi... Read more

    Affected Products : zitadel
    • Published: Oct. 25, 2024
    • Modified: Aug. 26, 2025

  • 8.2

    HIGH
    CVE-2025-23023

    Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded ... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-53994

    Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrad... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-53266

    Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version... Read more

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025

  • 9.0

    CRITICAL
    CVE-2025-46558

    XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particul... Read more

    Affected Products : xwiki
    • Published: Apr. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2024-49753

    Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests t... Read more

    Affected Products : zitadel
    • Published: Oct. 25, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2025-48889

    Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature ... Read more

    Affected Products : gradio
    • Published: May. 30, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-20001

    An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the mali... Read more

    Affected Products : fontcreator
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-47711

    There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server c... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2024-29198

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoS... Read more

    Affected Products : geoserver geoserver
    • Published: Jun. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.3

    CRITICAL
    CVE-2024-34711

    GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP ... Read more

    Affected Products : geoserver geoserver
    • Published: Jun. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2024-38524

    GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except... Read more

    Affected Products : geoserver geoserver
    • Published: Jun. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-40625

    GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equ... Read more

    Affected Products : geoserver geoserver
    • Published: Jun. 10, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-36112

    Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the mem... Read more

    Affected Products : nautobot
    • Published: May. 28, 2024
    • Modified: Aug. 26, 2025

  • 5.8

    MEDIUM
    CVE-2024-35190

    Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. ... Read more

    Affected Products : asterisk asterisk
    • Published: May. 17, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 291985 Results