Latest CVE Feed

The following is the list of the latest published vulnerabilities.
  • 7.3

    HIGH
    CVE-2022-2079

    Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+....

    Affected Products : nocodb nocodb
    • EPSS Score: %0.38
    • Published: Jun. 14, 2022
    • Modified: Aug. 26, 2025
  • 5.3

    MEDIUM
    CVE-2022-22120

    In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the syst...

    Affected Products : nocodb nocodb
    • EPSS Score: %0.28
    • Published: Jan. 10, 2022
    • Modified: Aug. 26, 2025
  • 9.0

    CRITICAL
    CVE-2022-2022

    Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7....

    Affected Products : nocodb nocodb
    • EPSS Score: %0.40
    • Published: Jun. 07, 2022
    • Modified: Aug. 26, 2025
  • 9.0

    CRITICAL
    CVE-2022-2063

    Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+....

    Affected Products : nocodb nocodb
    • EPSS Score: %1.02
    • Published: Jun. 13, 2022
    • Modified: Aug. 26, 2025
  • 6.5

    MEDIUM
    CVE-2024-31208

    Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induc...

    Affected Products : fedora synapse
    • Published: Apr. 23, 2024
    • Modified: Aug. 26, 2025
  • 7.3

    HIGH
    CVE-2024-24910

    A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to ex...

    • Published: Apr. 18, 2024
    • Modified: Aug. 26, 2025
  • 8.8

    HIGH
    CVE-2025-1227

    A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remot...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-1225

    A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipul...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity
  • 8.8

    HIGH
    CVE-2025-1216

    A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql inje...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1226

    A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The expl...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-1224

    A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated re...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-5199

    In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup....

    Affected Products : macos multipass
    • Published: Jul. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 6.8

    MEDIUM
    CVE-2025-2600

    Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affec...

    Affected Products : remote_desktop_manager
    • Published: Mar. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 7.8

    HIGH
    CVE-2024-12670

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the c...

    • Published: Dec. 17, 2024
    • Modified: Aug. 26, 2025
  • 4.9

    MEDIUM
    CVE-2017-9369

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher priv...

    Affected Products : qnx_software_development_platform
    • EPSS Score: %0.24
    • Published: Nov. 14, 2017
    • Modified: Aug. 26, 2025
  • 7.5

    HIGH
    CVE-2017-3892

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack b...

    Affected Products : qnx_software_development_platform
    • EPSS Score: %0.19
    • Published: Nov. 14, 2017
    • Modified: Aug. 26, 2025
  • 8.8

    HIGH
    CVE-2025-0928

    In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the d...

    Affected Products : juju
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 4.9

    MEDIUM
    CVE-2024-56197

    Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagge...

    Affected Products : discourse
    • Published: Feb. 04, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure
  • 8.8

    HIGH
    CVE-2025-53513

    The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain acc...

    Affected Products : juju
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-53512

    The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information....

    Affected Products : juju
    • Published: Jul. 08, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization