Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2024-31223

    Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL...

    Affected Products : fides
    • Published: Jul. 03, 2024
    • Modified: Sep. 04, 2025
  • 7.1

    HIGH
    CVE-2024-53271

    Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1...

    Affected Products : envoy
    • Published: Dec. 18, 2024
    • Modified: Sep. 04, 2025
  • 7.1

    HIGH
    CVE-2025-24030

    Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies man...

    Affected Products : gateway
    • Published: Jan. 23, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Path Traversal
  • 9.4

    CRITICAL
    CVE-2024-28253

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`....

    Affected Products : openmetadata
    • Published: Mar. 15, 2024
    • Modified: Sep. 04, 2025
  • 5.3

    MEDIUM
    CVE-2025-25294

    Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnera...

    Affected Products : gateway
    • Published: Mar. 06, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2024-28254

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `AlertUtil::validateExpression` method evaluates an SpEL expression using `ge...

    Affected Products : openmetadata
    • Published: Mar. 15, 2024
    • Modified: Sep. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-28255

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT toke...

    Affected Products : openmetadata
    • Published: Mar. 15, 2024
    • Modified: Sep. 04, 2025
  • 7.5

    HIGH
    CVE-2024-53270

    Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullp...

    Affected Products : envoy
    • Published: Dec. 18, 2024
    • Modified: Sep. 04, 2025
  • 8.6

    HIGH
    CVE-2025-9377

    The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both prod...

    • Actively Exploited
    • Published: Aug. 29, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2024-28847

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also call...

    Affected Products : openmetadata
    • Published: Mar. 15, 2024
    • Modified: Sep. 04, 2025
  • 7.5

    HIGH
    CVE-2023-37474

    Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outs...

    Affected Products : copyparty copyparty
    • Published: Jul. 14, 2023
    • Modified: Sep. 04, 2025
  • 6.3

    MEDIUM
    CVE-2023-38501

    copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the serve...

    Affected Products : copyparty copyparty
    • Published: Jul. 25, 2023
    • Modified: Sep. 04, 2025
  • 9.8

    CRITICAL
    CVE-2024-45169

    An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (D...

    Affected Products : idol2
    • Published: Aug. 22, 2024
    • Modified: Sep. 04, 2025
  • 9.2

    CRITICAL
    CVE-2025-7679

    The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT...

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication
  • 8.2

    HIGH
    CVE-2025-7677

    A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT....

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication
  • 10.0

    CRITICAL
    CVE-2025-53187

    Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access f...

    Affected Products :
    • Published: Aug. 11, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2024-47258

    2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certifi...

    Affected Products : access_commander
    • Published: Feb. 06, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2024-47255

    In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions....

    Affected Products : access_commander
    • Published: Nov. 05, 2024
    • Modified: Sep. 04, 2025
  • 7.2

    HIGH
    CVE-2024-47254

    In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system....

    Affected Products : access_commander
    • Published: Nov. 05, 2024
    • Modified: Sep. 04, 2025
  • 9.8

    CRITICAL
    CVE-2025-5310

    Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution....

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 292846 Results