Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2025-27139 (CVSS 6.8, MEDIUM)
    Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue....
    Affected Products: itop
    • Published: Feb. 25, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • CVE-2025-27110 (CVSS 7.9, HIGH)
    Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3...
    Affected Products: modsecurity
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
  • CVE-2024-45426 (CVSS 6.5, MEDIUM)
    Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access....
    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Information Disclosure
  • CVE-2024-45425 (CVSS 6.5, MEDIUM)
    Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access....
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization
  • CVE-2024-45424 (CVSS 7.5, HIGH)
    Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access....
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure
  • CVE-2024-45421 (CVSS 8.8, HIGH)
    Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access....
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Memory Corruption
  • CVE-2024-45418 (CVSS 8.8, HIGH)
    Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access....
    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication
  • CVE-2024-45417 (CVSS 6.0, MEDIUM)
    Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access....
    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-27135 (CVSS 9.8, CRITICAL)
    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of pub...
    Affected Products: ragflow
    • Published: Feb. 25, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection
  • CVE-2024-36259 (CVSS 7.5, HIGH)
    Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack....
    Affected Products: odoo
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization
  • CVE-2025-25192 (CVSS 6.5, MEDIUM)
    GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` fil...
    Affected Products: glpi
    • Published: Feb. 25, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure
  • CVE-2025-23046 (CVSS 7.5, HIGH)
    GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to G...
    Affected Products: glpi
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication
  • CVE-2024-12368 (CVSS 8.8, HIGH)
    Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users....
    Affected Products: odoo
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization
  • CVE-2025-1204 (CVSS 7.7, HIGH)
    The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the...
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-1068 (CVSS 7.3, HIGH)
    There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a ...
    Affected Products: arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-1067 (CVSS 7.3, HIGH)
    There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specif...
    Affected Products: arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration
  • CVE-2025-26601 (CVSS 7.8, HIGH)
    A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes tr...
    • Published: Feb. 25, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-26600 (CVSS 7.8, HIGH)
    A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free....
    • Published: Feb. 25, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-26599 (CVSS 7.8, HIGH)
    An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window t...
    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption
  • CVE-2025-26598 (CVSS 7.8, HIGH)
    An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return th...
    • Published: Feb. 25, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption