Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-5141

    A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix ... Read more

    Affected Products :
    • Published: Jun. 17, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-9945

    An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Published: Dec. 13, 2024
    • Modified: Aug. 29, 2025

  • 8.8

    HIGH
    CVE-2024-9054

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-7490

    Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program rou... Read more

    Affected Products : advanced_software_framework
    • Published: Aug. 08, 2024
    • Modified: Aug. 29, 2025

  • 8.4

    HIGH
    CVE-2024-6769

    A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a ... Read more

    • Published: Sep. 26, 2024
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-6633

    The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. ... Read more

    Affected Products : filecatalyst_workflow
    • Published: Aug. 27, 2024
    • Modified: Aug. 29, 2025

  • 9.3

    CRITICAL
    CVE-2024-4332

    An authentication bypass vulnerability has been identified in the REST and SOAP API components of Tripwire Enterprise (TE) 9.1.0 when TE is configured to use LDAP/Active Directory SAML authentication and its optional "Auto-synchronize LDAP Users, Roles, a... Read more

    Affected Products :
    • Published: Jun. 03, 2024
    • Modified: Aug. 29, 2025

  • 9.8

    CRITICAL
    CVE-2024-43685

    Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 8.8

    HIGH
    CVE-2024-43684

    Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.... Read more

    • Published: Oct. 04, 2024
    • Modified: Aug. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-29155

    On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real o... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Aug. 29, 2025

  • 8.2

    HIGH
    CVE-2025-8450

    Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.... Read more

    Affected Products : filecatalyst_direct
    • Published: Aug. 19, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-48958

    execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.... Read more

    Affected Products : libarchive
    • Published: Oct. 10, 2024
    • Modified: Aug. 29, 2025

  • 6.5

    MEDIUM
    CVE-2024-42048

    OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this locati... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-50428

    In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-47909

    Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit ... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.8

    HIGH
    CVE-2024-48957

    execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.... Read more

    Affected Products : libarchive
    • Published: Oct. 10, 2024
    • Modified: Aug. 29, 2025

  • 4.8

    MEDIUM
    CVE-2024-13058

    An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron Hy... Read more

    Affected Products : hypercloud
    • Published: Dec. 30, 2024
    • Modified: Aug. 29, 2025

  • 5.1

    MEDIUM
    CVE-2025-43746

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 20, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2024-46917

    Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition,... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2024-46916

    Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fsta... Read more

    Affected Products :
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal
Showing 20 of 292810 Results