Latest CVE Feed
- CVE-2024-27085 (6.5 MEDIUM)
  Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Dis...
  - Affected Products: discourse
  - Published: Mar. 15, 2024
  - Modified: Aug. 26, 2025
- CVE-2025-54574 (9.8 CRITICAL)
  Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work ar...
  - Affected Products: squid
  - Published: Aug. 01, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-54424 (9.8 CRITICAL)
  1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificat...
  - Affected Products: 1panel
  - Published: Aug. 01, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authentication
- CVE-2024-35230 (5.3 MEDIUM)
  GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and com...
  - Published: Dec. 16, 2024
  - Modified: Aug. 26, 2025
- CVE-2025-23042 (8.7 HIGH)
  Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter ca...
  - Affected Products: gradio
  - Published: Jan. 14, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Authorization
- CVE-2024-52797 (7.5 HIGH)
  Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable...
  - Affected Products: opencast
  - Published: Nov. 21, 2024
  - Modified: Aug. 26, 2025
- CVE-2024-24914 (8.0 HIGH)
  Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available....
  - Published: Nov. 07, 2024
  - Modified: Aug. 26, 2025
- CVE-2024-39780 (9.8 CRITICAL)
  A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue ...
  - Published: Apr. 02, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Injection
- CVE-2024-24827 (7.5 HIGH)
  Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do ...
  - Affected Products: discourse
  - Published: Mar. 15, 2024
  - Modified: Aug. 26, 2025
- CVE-2024-51751 (6.5 MEDIUM)
  Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abu...
  - Affected Products: gradio
  - Published: Nov. 06, 2024
  - Modified: Aug. 26, 2025
- CVE-2023-5616 (4.9 MEDIUM)
  In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to ex...
  - Published: Apr. 15, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-49757 (7.5 HIGH)
  The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Regi...
  - Affected Products: zitadel
  - Published: Oct. 25, 2024
  - Modified: Aug. 26, 2025
- CVE-2025-23023 (8.2 HIGH)
  Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded ...
  - Affected Products: discourse
  - Published: Feb. 04, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Misconfiguration
- CVE-2024-53994 (4.3 MEDIUM)
  Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrad...
  - Affected Products: discourse
  - Published: Feb. 04, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-53266 (5.4 MEDIUM)
  Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version...
  - Affected Products: discourse
  - Published: Feb. 04, 2025
  - Modified: Aug. 26, 2025
- CVE-2025-46558 (9.0 CRITICAL)
  XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particul...
  - Affected Products: xwiki
  - Published: Apr. 30, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2024-49753 (9.1 CRITICAL)
  Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions allows bypassing restrictions intended to block requests t...
  - Affected Products: zitadel
  - Published: Oct. 25, 2024
  - Modified: Aug. 26, 2025
- CVE-2025-48889 (7.5 HIGH)
  Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature ...
  - Affected Products: gradio
  - Published: May. 30, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Path Traversal
- CVE-2025-20001 (6.5 MEDIUM)
  An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the mali...
  - Affected Products: fontcreator
  - Published: Jun. 02, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Information Disclosure
- CVE-2025-47711 (6.5 MEDIUM)
  There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server c...
  - Published: Jun. 09, 2025
  - Modified: Aug. 26, 2025
  - Vuln Type: Denial of Service