Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-53588

    A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2024-50665

    gpac 2.4 contains a SEGV at src/isomedia/drm_sample.c:1562:96 in isom_cenc_get_sai_by_saiz_saio in MP4Box.... Read more

    Affected Products : gpac
    • Published: Jan. 23, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-50664

    gpac 2.4 contains a heap-buffer-overflow at isomedia/sample_descs.c:1799 in gf_isom_new_mpha_description in gpac/MP4Box.... Read more

    Affected Products : gpac
    • Published: Jan. 23, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2023-46401

    KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.... Read more

    Affected Products : kwhotel
    • Published: Jan. 23, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-46400

    KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.... Read more

    Affected Products : kwhotel
    • Published: Jan. 23, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-23012

    Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-23011

    Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthen... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Path Traversal

  • 5.0

    MEDIUM
    CVE-2025-24353

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise t... Read more

    Affected Products : directus
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Authorization

  • 3.2

    LOW
    CVE-2025-24034

    Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access to... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-24033

    @fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded temporary files when user cancels the request. The issue is fixed in versions 8.... Read more

    Affected Products : fastify-multipart
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-23227

    IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional... Read more

    • Published: Jan. 23, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.9

    HIGH
    CVE-2025-22153

    RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when u... Read more

    Affected Products : restrictedpython
    • Published: Jan. 23, 2025
    • Modified: Jan. 23, 2025

  • 6.7

    MEDIUM
    CVE-2024-55930

    Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-55929

    A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-55928

    Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2024-55927

    A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2024-55926

    A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 6.0

    MEDIUM
    CVE-2024-45672

    IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service.... Read more

    Affected Products : security_verify_bridge
    • Published: Jan. 23, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-0650

    A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs con... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-55925

    In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain una... Read more

    Affected Products :
    • Published: Jan. 23, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291162 Results