Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-25185

    GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft li... Read more

    Affected Products : gpt_academic gpt_academic
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-24023

    Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is... Read more

    Affected Products : flask-appbuilder
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-0555

    A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under ... Read more

    Affected Products : gitlab
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-55570

    /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with role... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-55532

    Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.... Read more

    Affected Products : ranger
    • Published: Mar. 03, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-43169

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-41771

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-41770

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-1801

    A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT ... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Race Condition

  • 7.8

    HIGH
    CVE-2025-1125

    When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted file... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-0689

    When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always ... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-8262

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal.This issue affects OBS: before 24.0927.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-8261

    Authorization Bypass Through User-Controlled Key vulnerability in Proliz Software OBS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OBS: before 24.0927.... Read more

    • Published: Mar. 03, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2024-45780

    A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with ... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.0

    MEDIUM
    CVE-2024-45779

    An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflo... Read more

    Affected Products : grub2
    • Published: Mar. 03, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-27279

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flashfader allows Reflected XSS. This issue affects Flashfader: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-27278

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AcuGIS Leaflet Maps allows Reflected XSS. This issue affects AcuGIS Leaflet Maps: from n/a through 5.1.1.0.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-27275

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale allows Reflected XSS. This issue affects WOO Codice Fiscale: from n/a through 1.6.3.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-27274

    Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11.... Read more

    Affected Products : gpx_viewer
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-27273

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winking Affiliate Links Manager allows Reflected XSS. This issue affects Affiliate Links Manager: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292228 Results