Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-48494

    Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename.... Read more

    Affected Products : gokapi
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2024-11586

    Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.... Read more

    Affected Products : ubuntu_linux pulseaudio
    • Published: Nov. 23, 2024
    • Modified: Aug. 26, 2025

  • 3.8

    LOW
    CVE-2024-6156

    Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-4140

    An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.... Read more

    Affected Products : fedora email-mime
    • Published: May. 02, 2024
    • Modified: Aug. 26, 2025

  • 8.1

    HIGH
    CVE-2024-5138

    The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to... Read more

    Affected Products : snapd
    • Published: May. 31, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2021-3899

    There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.... Read more

    Affected Products : ubuntu_linux apport
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.4

    HIGH
    CVE-2022-0555

    Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions... Read more

    Affected Products : subiquity
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.3

    CRITICAL
    CVE-2020-27352

    When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemo... Read more

    Affected Products : ubuntu_linux snapd
    • Published: Jun. 21, 2024
    • Modified: Aug. 26, 2025

  • 6.3

    MEDIUM
    CVE-2024-37894

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.... Read more

    Affected Products : squid
    • Published: Jun. 25, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2023-48733

    An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.... Read more

    Affected Products : debian_linux edk2 lxd
    • EPSS Score: %0.01
    • Published: Feb. 14, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2023-49721

    An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.... Read more

    Affected Products : edk2 lxd
    • EPSS Score: %0.02
    • Published: Feb. 14, 2024
    • Modified: Aug. 26, 2025

  • 4.9

    MEDIUM
    CVE-2023-7207

    Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.... Read more

    Affected Products : cpio
    • Published: Feb. 29, 2024
    • Modified: Aug. 26, 2025

  • 2.8

    LOW
    CVE-2024-2314

    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not a... Read more

    • Published: Mar. 10, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-28242

    Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. U... Read more

    Affected Products : discourse
    • Published: Mar. 15, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2024-29199

    Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticate... Read more

    Affected Products : nautobot
    • Published: Mar. 26, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-3250

    It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also... Read more

    Affected Products : pebble
    • Published: Apr. 04, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2024-2312

    GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.... Read more

    Affected Products : bootstrap_os hci_compute_node grub2
    • Published: Apr. 05, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2025-31124

    Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt ... Read more

    Affected Products : zitadel
    • Published: Mar. 31, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-12199

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o... Read more

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-11608

    A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    Affected Products : revit
    • Published: Dec. 09, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 292321 Results