Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2024-45783

    A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.... Read more

    Affected Products : enterprise_linux grub2
    • Published: Feb. 18, 2025
    • Modified: May. 13, 2025

  • 6.7

    MEDIUM
    CVE-2024-45781

    A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually ... Read more

    Affected Products : enterprise_linux grub2
    • Published: Feb. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2024-45776

    When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This fl... Read more

    Affected Products : enterprise_linux grub2
    • Published: Feb. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.2

    MEDIUM
    CVE-2024-45775

    A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will... Read more

    Affected Products : enterprise_linux grub2
    • Published: Feb. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 4.2

    MEDIUM
    CVE-2025-26603

    Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ... Read more

    Affected Products : vim hci_compute_node
    • Published: Feb. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-26465

    A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific ... Read more

    • Published: Feb. 18, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.0

    HIGH
    CVE-2025-25305

    Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-part... Read more

    Affected Products : home-assistant
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-25284

    The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. ... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-24895

    CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider (IDP): the system that authenticates users and provides ide... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-24894

    SPID.AspNetCore.Authentication is an AspNetCore Remote Authenticator for SPID. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: Identity Provider (IDP): the system that authenticates users and provides identity... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-21608

    Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and a... Read more

    Affected Products : meshtastic_firmware
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-57056

    Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.0

    MEDIUM
    CVE-2024-57055

    Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use ... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2024-45774

    A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure... Read more

    Affected Products : enterprise_linux grub2
    • Published: Feb. 18, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-26620

    Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obta... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Race Condition

  • 4.2

    MEDIUM
    CVE-2025-26058

    Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.... Read more

    Affected Products : qloapps
    • Published: Feb. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-25300

    smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner `View` link and navigating to 3rd party page leaves `window.opener` exposed. It may allow hostile third parties to abuse `window.opener... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2024-56883

    Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other emp... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-56882

    Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each au... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2024-51505

    An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges.... Read more

    Affected Products :
    • Published: Feb. 18, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Race Condition
Showing 20 of 291804 Results