Latest CVE Feed
- CVE-2024-9143 (4.3 MEDIUM)
  Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even ...
  Affected Products: openssl
  - Published: Oct. 16, 2024
  - Modified: Sep. 01, 2025
- CVE-2024-5535 (9.1 CRITICAL)
  Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequence...
  Affected Products: openssl
  - Published: Jun. 27, 2024
  - Modified: Sep. 01, 2025
- CVE-2024-13987 (5.9 MEDIUM)
  Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-o...
  - Published: Aug. 29, 2025
  - Modified: Sep. 01, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-7345 (7.5 HIGH)
  A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding...
  - Published: Jul. 08, 2025
  - Modified: Aug. 30, 2025
  - Vuln Type: Memory Corruption
- CVE-2023-6270 (7.0 HIGH)
  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access ...
  - Published: Jan. 04, 2024
  - Modified: Aug. 30, 2025
- CVE-2025-9341 (5.9 MEDIUM)
  Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive A...
  Affected Products: bouncy_castle_for_java
  - Published: Aug. 22, 2025
  - Modified: Aug. 30, 2025
  - Vuln Type: Denial of Service
- CVE-2025-49405 (8.1 HIGH)
  Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a before 4.1.4....
  Affected Products: houzez
  - Published: Aug. 28, 2025
  - Modified: Aug. 30, 2025
  - Vuln Type: Path Traversal
- CVE-2025-5141 (5.5 MEDIUM)
  A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix ...
  - Published: Jun. 17, 2025
  - Modified: Aug. 29, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-9945 (5.3 MEDIUM)
  An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders....
  Affected Products: goanywhere_managed_file_transfer
  - Published: Dec. 13, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-9054 (8.8 HIGH)
  Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection. This issue...
  - Published: Oct. 04, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-7490 (9.8 CRITICAL)
  Improper Input Validation vulnerability in Microchip Technology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program rou...
  Affected Products: advanced_software_framework
  - Published: Aug. 08, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-6769 (8.4 HIGH)
  A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a ...
  - Published: Sep. 26, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-6633 (9.8 CRITICAL)
  The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. ...
  Affected Products: filecatalyst_workflow
  - Published: Aug. 27, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-4332 (9.3 CRITICAL)
  An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, a...
  - Published: Jun. 03, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-43685 (9.8 CRITICAL)
  Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7....
  - Published: Oct. 04, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-43684 (8.8 HIGH)
  Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0....
  - Published: Oct. 04, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-29155 (4.3 MEDIUM)
  On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real o...
  - Published: Oct. 16, 2024
  - Modified: Aug. 29, 2025
- CVE-2025-8450 (8.2 HIGH)
  Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page....
  Affected Products: filecatalyst_direct
  - Published: Aug. 19, 2025
  - Modified: Aug. 29, 2025
  - Vuln Type: Authentication
- CVE-2024-48958 (7.8 HIGH)
  execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst....
  Affected Products: libarchive
  - Published: Oct. 10, 2024
  - Modified: Aug. 29, 2025
- CVE-2024-42048 (6.5 MEDIUM)
  OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this locati...
  - Published: Aug. 07, 2025
  - Modified: Aug. 29, 2025
  - Vuln Type: Authorization