Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2024-36245

    Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Nov. 13, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-37027

    Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    • Published: Nov. 13, 2024
    • Modified: Sep. 02, 2025

  • 10.0

    CRITICAL
    CVE-2025-57819

    FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipul... Read more

    Affected Products : freepbx
    • Actively Exploited
    • Published: Aug. 28, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-30266

    wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at ru... Read more

    Affected Products : wasmtime
    • Published: Apr. 04, 2024
    • Modified: Sep. 02, 2025

  • 8.5

    HIGH
    CVE-2024-39283

    Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 14, 2024
    • Modified: Sep. 02, 2025

  • 4.3

    MEDIUM
    CVE-2024-2748

    A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability ... Read more

    Affected Products : enterprise_server
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.7

    MEDIUM
    CVE-2023-47855

    Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 8.2

    HIGH
    CVE-2023-45745

    Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    • Published: May. 16, 2024
    • Modified: Sep. 02, 2025

  • 8.3

    HIGH
    CVE-2024-21801

    Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 14, 2024
    • Modified: Sep. 02, 2025

  • 5.7

    MEDIUM
    CVE-2024-33607

    Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products : tdx_module_software tdx_module
    • Published: Aug. 12, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-1908

    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the se... Read more

    Affected Products : enterprise_server
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-27290

    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has ... Read more

    Affected Products : docassemble
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-27291

    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.... Read more

    Affected Products : docassemble
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 7.5

    HIGH
    CVE-2024-27292

    Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has ... Read more

    Affected Products : docassemble
    • Published: Mar. 21, 2024
    • Modified: Sep. 02, 2025

  • 6.5

    MEDIUM
    CVE-2024-28244

    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid... Read more

    Affected Products : katex
    • Published: Mar. 25, 2024
    • Modified: Sep. 02, 2025

  • 5.4

    MEDIUM
    CVE-2025-40707

    Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more

    Affected Products : openatlas
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-40708

    Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more

    Affected Products : openatlas
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-40709

    Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more

    Affected Products : openatlas
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-9643

    A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection.... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-9644

    A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is p... Read more

    Affected Products : apartment_management_system
    • Published: Aug. 29, 2025
    • Modified: Sep. 02, 2025
    • Vuln Type: Injection
Showing 20 of 293284 Results