Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-9631

    An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow.... Read more

    Affected Products : gitlab
    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-5528

    An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.... Read more

    Affected Products : gitlab
    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2024-49352

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose s... Read more

    Affected Products : cognos_analytics
    • Published: Feb. 05, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: XML External Entity

  • 7.3

    HIGH
    CVE-2025-0725

    When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflo... Read more

    • Published: Feb. 05, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-0665

    libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Memory Corruption

  • 3.4

    LOW
    CVE-2025-0167

    When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2024-6356

    An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot.... Read more

    Affected Products : gitlab
    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-1539

    An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member usi... Read more

    Affected Products : gitlab
    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2023-6386

    A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service de... Read more

    Affected Products : gitlab
    • Published: Feb. 05, 2025
    • Modified: Aug. 05, 2025

  • 6.2

    MEDIUM
    CVE-2023-52925

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: [FAILED] .... Read more

    Affected Products : linux_kernel
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-52924

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict ... Read more

    Affected Products : linux_kernel
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2024-13829

    The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for... Read more

    Affected Products : tripetto
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-25246

    NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.... Read more

    Affected Products : xr1000
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-1026

    Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:**... Read more

    Affected Products : browsershot
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2025-1025

    Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter.... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-1022

    Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd).... Read more

    Affected Products : browsershot
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-1028

    The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to up... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    CRITICAL
    CVE-2025-23114

    A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.... Read more

    Affected Products : veeam_backup_for_microsoft_azure
    • Published: Feb. 05, 2025
    • Modified: Mar. 13, 2025

  • 7.8

    HIGH
    CVE-2025-0413

    Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability ... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-53966

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291358 Results