Latest CVE Feed
- 9.8 CRITICAL CVE-2025-9090
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The ex...
- Published: Aug. 17, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Injection
- 7.8 HIGH CVE-2025-9091
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. ...
- Published: Aug. 17, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authentication
- 9.8 CRITICAL CVE-2024-38371
authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an applicat...
- Affected Products: authentik
- Published: Jun. 28, 2024
- Modified: Aug. 21, 2025
- 6.5 MEDIUM CVE-2023-6247
The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.
- Published: Feb. 29, 2024
- Modified: Aug. 21, 2025
- 7.5 HIGH CVE-2024-34478
btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigne...
- Affected Products: btcd
- Published: May. 05, 2024
- Modified: Aug. 21, 2025
- 3.9 LOW CVE-2024-31636
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
- Affected Products: lief
- Published: May. 03, 2024
- Modified: Aug. 21, 2025
- 8.2 HIGH CVE-2025-32988
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will cal...
- Published: Jul. 10, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Memory Corruption
- 5.3 MEDIUM CVE-2024-2641
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization.
- Published: Mar. 19, 2024
- Modified: Aug. 21, 2025
- 6.5 MEDIUM CVE-2025-57734
In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files.
- Affected Products: teamcity
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Information Disclosure
- 7.5 HIGH CVE-2024-2642
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. T...
- Published: Mar. 19, 2024
- Modified: Aug. 21, 2025
- 8.5 HIGH CVE-2025-23365
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to es...
- Affected Products: tia_administrator
- Published: Jul. 08, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authorization
- 7.5 HIGH CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop ...
- Affected Products: aiohttp
- Published: May. 02, 2024
- Modified: Aug. 21, 2025
- 5.5 MEDIUM CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email content.
- Affected Products: teamcity
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Injection
- 8.4 HIGH CVE-2025-23364
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and execute arbitrary code during installations.
- Affected Products: tia_administrator
- Published: Jul. 08, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration
- 7.5 HIGH CVE-2025-57732
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership.
- Affected Products: teamcity
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Authorization
- 8.7 HIGH CVE-2025-57731
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content.
- Affected Products: youtrack
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2024-25015
IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.
- Published: May. 01, 2024
- Modified: Aug. 21, 2025
- 6.7 MEDIUM CVE-2025-9043
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions t...
- Affected Products:
- Published: Aug. 14, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration
- 5.2 MEDIUM CVE-2025-57730
In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature.
- Affected Products: intellij_idea
- Published: Aug. 20, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Injection
- 7.1 HIGH CVE-2025-40593
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service cond...
- Affected Products: simatic_cn_4100
- Published: Jul. 08, 2025
- Modified: Aug. 21, 2025
- Vuln Type: Misconfiguration