Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-9312

    Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.... Read more

    Affected Products : authd
    • Published: Oct. 10, 2024
    • Modified: Aug. 26, 2025

  • 8.7

    HIGH
    CVE-2024-7558

    JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID v... Read more

    Affected Products : juju
    • Published: Oct. 02, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2024-10224

    Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by pas... Read more

    Affected Products : debian_linux modules\
    • Published: Nov. 19, 2024
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2025-48382

    Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential informat... Read more

    Affected Products : fess
    • Published: May. 27, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-48495

    Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clic... Read more

    Affected Products : gokapi
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-48494

    Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename.... Read more

    Affected Products : gokapi
    • Published: Jun. 02, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2024-11586

    Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.... Read more

    Affected Products : ubuntu_linux pulseaudio
    • Published: Nov. 23, 2024
    • Modified: Aug. 26, 2025

  • 3.8

    LOW
    CVE-2024-6156

    Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.... Read more

    Affected Products : lxd
    • Published: Dec. 06, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-4140

    An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.... Read more

    Affected Products : fedora email-mime
    • Published: May. 02, 2024
    • Modified: Aug. 26, 2025

  • 8.1

    HIGH
    CVE-2024-5138

    The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to... Read more

    Affected Products : snapd
    • Published: May. 31, 2024
    • Modified: Aug. 26, 2025

  • 7.8

    HIGH
    CVE-2021-3899

    There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.... Read more

    Affected Products : ubuntu_linux apport
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 8.4

    HIGH
    CVE-2022-0555

    Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions... Read more

    Affected Products : subiquity
    • Published: Jun. 03, 2024
    • Modified: Aug. 26, 2025

  • 9.3

    CRITICAL
    CVE-2020-27352

    When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemo... Read more

    Affected Products : ubuntu_linux snapd
    • Published: Jun. 21, 2024
    • Modified: Aug. 26, 2025

  • 6.3

    MEDIUM
    CVE-2024-37894

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.... Read more

    Affected Products : squid
    • Published: Jun. 25, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2023-48733

    An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.... Read more

    Affected Products : debian_linux edk2 lxd
    • EPSS Score: %0.01
    • Published: Feb. 14, 2024
    • Modified: Aug. 26, 2025

  • 6.7

    MEDIUM
    CVE-2023-49721

    An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.... Read more

    Affected Products : edk2 lxd
    • EPSS Score: %0.02
    • Published: Feb. 14, 2024
    • Modified: Aug. 26, 2025

  • 4.9

    MEDIUM
    CVE-2023-7207

    Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.... Read more

    Affected Products : cpio
    • Published: Feb. 29, 2024
    • Modified: Aug. 26, 2025

  • 2.8

    LOW
    CVE-2024-2314

    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not a... Read more

    • Published: Mar. 10, 2024
    • Modified: Aug. 26, 2025

  • 7.5

    HIGH
    CVE-2024-28242

    Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. U... Read more

    Affected Products : discourse
    • Published: Mar. 15, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2024-29199

    Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticate... Read more

    Affected Products : nautobot
    • Published: Mar. 26, 2024
    • Modified: Aug. 26, 2025
Showing 20 of 291890 Results