Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 0.0

    NA
    CVE-2023-52656

    In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it....

    Affected Products : linux_kernel
    • Published: May. 14, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2025-25005

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network....

    • Published: Aug. 12, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2024-11176

    Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions....

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Aug. 21, 2025
  • 9.3

    CRITICAL
    CVE-2025-48757

    An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual custo...

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2024-34449

    Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true....

    Affected Products : vditor
    • Published: May. 03, 2024
    • Modified: Aug. 21, 2025
  • 6.5

    MEDIUM
    CVE-2025-47712

    A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, l...

    • Published: Jun. 09, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service
  • 3.3

    LOW
    CVE-2025-6199

    A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error...

    Affected Products : enterprise_linux gdkpixbuf
    • Published: Jun. 17, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
  • 8.2

    HIGH
    CVE-2025-36016

    IBM Process Mining 2.0.1 IF001 and 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof th...

    Affected Products : process_mining
    • Published: Jun. 21, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration
  • 8.1

    HIGH
    CVE-2025-5318

    A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which...

    • Published: Jun. 24, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Information Disclosure
  • 5.5

    MEDIUM
    CVE-2025-29478

    An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165....

    Affected Products : fluent_bit
    • Published: Apr. 07, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2024-6184

    A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename leads to os command inj...

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 20, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-6186

    A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection. It is possible...

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 20, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-6187

    A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be ini...

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 20, 2024
    • Modified: Aug. 21, 2025
  • 7.2

    HIGH
    CVE-2024-6269

    A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the ar...

    Affected Products : rg-uac_firmware rg-uac
    • Published: Jun. 23, 2024
    • Modified: Aug. 21, 2025
  • 8.5

    HIGH
    CVE-2024-39567

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This...

    • Published: Jul. 09, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-3738

    A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is p...

    Affected Products : nginx_ui nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-3739

    A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiate...

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-3740

    A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack ma...

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-30953

    A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module....

    Affected Products : htmly
    • Published: Apr. 17, 2024
    • Modified: Aug. 21, 2025
  • 6.1

    MEDIUM
    CVE-2024-27306

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) ...

    Affected Products : fedora aiohttp
    • Published: Apr. 18, 2024
    • Modified: Aug. 21, 2025
Showing 20 of 291419 Results