Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2024-0148

    NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-27146

    matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed ... Read more

    Affected Products : matrix_irc_bridge
    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-27142

    LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the `P... Read more

    Affected Products : localsend
    • Published: Feb. 25, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-27139

    Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue.... Read more

    Affected Products : itop
    • Published: Feb. 25, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.9

    HIGH
    CVE-2025-27110

    Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3... Read more

    Affected Products : modsecurity modsecurity
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025

  • 6.5

    MEDIUM
    CVE-2024-45426

    Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.... Read more

    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-45425

    Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-45424

    Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2024-45421

    Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2024-45418

    Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.... Read more

    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authentication

  • 6.0

    MEDIUM
    CVE-2024-45417

    Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.... Read more

    • Published: Feb. 25, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-27135

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of pub... Read more

    Affected Products : ragflow
    • Published: Feb. 25, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-36259

    Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack.... Read more

    Affected Products : odoo
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-25192

    GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` fil... Read more

    Affected Products : glpi
    • Published: Feb. 25, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-23046

    GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to G... Read more

    Affected Products : glpi
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-12368

    Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.... Read more

    Affected Products : odoo
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-1204

    The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the... Read more

    Affected Products :
    • Published: Feb. 25, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-1068

    There is an untrusted search path vulnerability in Esri ArcGIS AllSource 1.2 and 1.3 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a ... Read more

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-1067

    There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specif... Read more

    Affected Products : arcgis_pro arcgis_allsource
    • Published: Feb. 25, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-26601

    A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes tr... Read more

    • Published: Feb. 25, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291641 Results