Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-21127

    Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious lib...

    Affected Products : macos windows photoshop
    • Published: Jan. 14, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-21122

    Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti...

    Affected Products : macos windows photoshop
    • Published: Jan. 14, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Memory Corruption
  • 7.7

    HIGH
    CVE-2025-0474

    Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23....

    Affected Products : invoice_ninja
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Server-Side Request Forgery
  • 5.8

    MEDIUM
    CVE-2024-56374

    An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and ...

    Affected Products : django
    • Published: Jan. 14, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Denial of Service
  • 2.1

    LOW
    CVE-2024-52006

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and G...

    Affected Products : git
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Authentication
  • 2.1

    LOW
    CVE-2024-50349

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential h...

    Affected Products : git
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Information Disclosure
  • 7.4

    HIGH
    CVE-2024-50338

    Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `...

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Misconfiguration
  • 9.0

    CRITICAL
    CVE-2024-49375

    Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this...

    Affected Products : rasa
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2024-48857

    NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec....

    Affected Products : qnx_software_development_platform
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2024-48856

    Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec....

    Affected Products : qnx_software_development_platform
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-48855

    Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec....

    Affected Products : qnx_software_development_platform
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2024-48854

    Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec....

    Affected Products : qnx_software_development_platform
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Information Disclosure
  • 6.5

    MEDIUM
    CVE-2025-23366

    A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated a...

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-23052

    Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operati...

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Injection
  • 7.2

    HIGH
    CVE-2025-23051

    An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary sys...

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Injection
  • 9.0

    CRITICAL
    CVE-2025-23025

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has...

    Affected Products : xwiki
    • Published: Jan. 14, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-21607

    Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to mak...

    Affected Products : vyper
    • Published: Jan. 14, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-21417

    Windows Telephony Service Remote Code Execution Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-21413

    Windows Telephony Service Remote Code Execution Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-21411

    Windows Telephony Service Remote Code Execution Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Authentication
Showing 20 of 291401 Results