Latest CVE Feed
-
8.8
HIGH CVE-2024-45421
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Affected Products :
- Published: Feb. 25, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGH CVE-2024-45418
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
Affected Products : rooms meeting_software_development_kit video_software_development_kit workplace_desktop
- Published: Feb. 25, 2025
- Modified: Mar. 04, 2025
- Vuln Type: Authentication
-
6.0
MEDIUM CVE-2024-45417
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
Affected Products : rooms meeting_software_development_kit video_software_development_kit workplace_desktop
- Published: Feb. 25, 2025
- Modified: Mar. 04, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICAL CVE-2025-27135
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of pub...
Affected Products : ragflow
- Published: Feb. 25, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Injection
-
7.5
HIGH CVE-2024-36259
Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack.
Affected Products : odoo
- Published: Feb. 25, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Authorization
-
6.5
MEDIUM CVE-2025-25192
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` fil...
Affected Products : glpi
- Published: Feb. 25, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGH CVE-2025-23046
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to G...
Affected Products : glpi
- Published: Feb. 25, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Authentication
-
8.8
HIGH CVE-2024-12368
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.
Affected Products : odoo
- Published: Feb. 25, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Authorization
-
7.7
HIGH CVE-2025-1204
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the...
Affected Products :
- Published: Feb. 25, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGH CVE-2025-1068
There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a ...
- Published: Feb. 25, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGH CVE-2025-1067
There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specif...
- Published: Feb. 25, 2025
- Modified: Jun. 20, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGH CVE-2025-26601
A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes tr...
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-26600
A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 16, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-26599
An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window t...
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-26598
An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return th...
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-26597
A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups,...
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-26596
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-26595
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy...
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-26594
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
Affected Products : enterprise_linux x_server grub2 libssh tigervnc international_components_for_unicode xwayland
- Published: Feb. 25, 2025
- Modified: May. 13, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUM CVE-2025-23024
GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php...
Affected Products : glpi
- Published: Feb. 25, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Misconfiguration