Latest CVE Feed
- 9.8 CRITICAL CVE-2024-47092
  Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1...
  Affected Products: check_mk_python_api
  - Published: Mar. 03, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Misconfiguration
- 7.5 HIGH CVE-2024-57432
  macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it possible to fo...
  Affected Products: mall-tiny
  - Published: Jan. 31, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Authentication
- 9.8 CRITICAL CVE-2024-32491
  An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be execu...
  Affected Products: znuny
  - Published: Apr. 29, 2024
  - Modified: Sep. 02, 2025
- 7.1 HIGH CVE-2024-32492
  An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
  Affected Products: znuny
  - Published: Apr. 29, 2024
  - Modified: Sep. 02, 2025
- 8.8 HIGH CVE-2024-32493
  An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...
  Affected Products: znuny
  - Published: Apr. 29, 2024
  - Modified: Sep. 02, 2025
- 7.3 HIGH CVE-2024-29007
  The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommen...
  Affected Products: cloudstack
  - Published: Apr. 04, 2024
  - Modified: Sep. 02, 2025
- 9.8 CRITICAL CVE-2025-46762
  Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malic...
  Affected Products: parquet
  - Published: May. 06, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Supply Chain
- 8.1 HIGH CVE-2024-35181
  Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL in...
  Affected Products: meshery
  - Published: May. 27, 2024
  - Modified: Sep. 02, 2025
- 8.1 HIGH CVE-2024-35182
  Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL in...
  Affected Products: meshery
  - Published: May. 27, 2024
  - Modified: Sep. 02, 2025
- 5.3 MEDIUM CVE-2024-38361
  SpiceDB is an open source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to `NO_PERMISSION` when permission is expec...
  Affected Products: spicedb
  - Published: Jun. 20, 2024
  - Modified: Sep. 02, 2025
- 9.1 CRITICAL CVE-2024-39305
  Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7, Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fix...
  Affected Products: envoy
  - Published: Jul. 01, 2024
  - Modified: Sep. 02, 2025
- 9.8 CRITICAL CVE-2024-38537
  Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited edge case, when it detected a legacy browser such as IE1...
  Affected Products: fides
  - Published: Jul. 02, 2024
  - Modified: Sep. 02, 2025
- 7.4 HIGH CVE-2025-21701
  In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops. The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_L...
  Affected Products: linux_kernel
  - Published: Feb. 13, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Race Condition
- 7.5 HIGH CVE-2024-29031
  Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive infor...
  Affected Products: meshery
  - Published: Mar. 21, 2024
  - Modified: Sep. 02, 2025
- 4.3 MEDIUM CVE-2024-32001
  SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects fo...
  Affected Products: spicedb
  - Published: Apr. 10, 2024
  - Modified: Sep. 02, 2025
- 5.4 MEDIUM CVE-2025-8554
  A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack m...
  Affected Products: pybbs
  - Published: Aug. 05, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Cross-Site Scripting
- 5.4 MEDIUM CVE-2025-8555
  A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. Affected is an unknown function of the file /search. The manipulation of the argument keyword leads to cross site scripting. It is possible to launch the attack re...
  Affected Products: pybbs
  - Published: Aug. 05, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Cross-Site Scripting
- 6.5 MEDIUM CVE-2025-32430
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabil...
  Affected Products: xwiki
  - Published: Aug. 06, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Cross-Site Scripting
- 7.1 HIGH CVE-2025-54124
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1...
  Affected Products: xwiki
  - Published: Aug. 06, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Information Disclosure
- 8.7 HIGH CVE-2025-54125
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, th...
  Affected Products: xwiki
  - Published: Aug. 06, 2025
  - Modified: Sep. 02, 2025
  - Vuln Type: Information Disclosure