Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-24973

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitl... Read more

    Affected Products : nexkey
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-24900

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authenticat... Read more

    Affected Products : nexkey
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.2

    HIGH
    CVE-2025-24897

    Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, ... Read more

    Affected Products : misskey
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-24896

    Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted eve... Read more

    Affected Products : misskey
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-24807

    eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor i... Read more

    Affected Products : fast_dds
    • Published: Feb. 11, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-22467

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.... Read more

    Affected Products : connect_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2024-47908

    OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : cloud_services_appliance
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2024-13843

    Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2024-13842

    A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2024-13830

    Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13813

    Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.... Read more

    Affected Products : secure_access_client
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-12797

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: T... Read more

    Affected Products : openssl cryptography
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2024-12058

    External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Jul. 16, 2025

  • 5.3

    MEDIUM
    CVE-2024-11771

    Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.... Read more

    Affected Products : cloud_services_appliance
    • Published: Feb. 11, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2024-10644

    Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2024-33659

    AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, al... Read more

    Affected Products : aptio_v
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-26493

    In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab... Read more

    Affected Products : teamcity
    • Published: Feb. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-26492

    In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources... Read more

    Affected Products : teamcity
    • Published: Feb. 11, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-1231

    Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.... Read more

    Affected Products : devolutions_server
    • Published: Feb. 11, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-12366

    PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Injection
Showing 20 of 291634 Results