Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2025-2885

    Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-2886

    Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target co... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-2887

    During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure... Read more

    Affected Products : tough
    • Published: Mar. 27, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2021-47398

    In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsigned long long' and printed with %llx. Change %llx to %p to print the secured poin... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2023-52668

    In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking depend... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 9.8

    CRITICAL
    CVE-2024-29401

    xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.... Read more

    Affected Products : xzs-mysql
    • Published: Mar. 26, 2024
    • Modified: Sep. 19, 2025

  • 5.3

    MEDIUM
    CVE-2024-32210

    The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections.... Read more

    Affected Products : lomag_warehouse_management
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2024-32211

    An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components.... Read more

    Affected Products : lomag_warehouse_management
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 5.5

    MEDIUM
    CVE-2023-52661

    In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fails, the clk_get_sys() call must be undone. Add the missi... Read more

    Affected Products : linux_kernel
    • Published: May. 17, 2024
    • Modified: Sep. 19, 2025

  • 5.4

    MEDIUM
    CVE-2024-52312

    Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments.... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 8.1

    HIGH
    CVE-2024-32212

    SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSettings components.... Read more

    Affected Products : lomag_warehouse_management
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 5.3

    MEDIUM
    CVE-2024-52313

    An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.al... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 6.9

    MEDIUM
    CVE-2024-52314

    A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with c... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 6.3

    MEDIUM
    CVE-2024-52311

    Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired.... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 5.3

    MEDIUM
    CVE-2024-10953

    An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of.... Read more

    Affected Products : data.all
    • Published: Nov. 09, 2024
    • Modified: Sep. 19, 2025

  • 7.1

    HIGH
    CVE-2024-33429

    Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.... Read more

    Affected Products : phiola
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 8.6

    HIGH
    CVE-2024-12744

    A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30... Read more

    • Published: Dec. 24, 2024
    • Modified: Sep. 19, 2025

  • 8.8

    HIGH
    CVE-2024-33430

    An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.... Read more

    Affected Products : phiola
    • Published: May. 01, 2024
    • Modified: Sep. 19, 2025

  • 7.8

    HIGH
    CVE-2025-8893

    A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the cont... Read more

    • Published: Sep. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-8894

    A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context... Read more

    • Published: Sep. 16, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 294836 Results