Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-24721

    An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel... Read more

    Affected Products : innovaphone_pbx
    • Published: Feb. 27, 2024
    • Modified: Sep. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-25247

    SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.... Read more

    Affected Products : b2b2c_multi-business
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-58352

    Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. Th... Read more

    Affected Products : weblate
    • Published: Sep. 05, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-1899

    An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions. ... Read more

    Affected Products : showdown
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 9.1

    CRITICAL
    CVE-2024-27456

    rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.... Read more

    Affected Products : rack-cors rack_cors_middleware
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 7.5

    HIGH
    CVE-2024-27454

    orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.... Read more

    Affected Products : orjson
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 5.9

    MEDIUM
    CVE-2024-27350

    Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible af... Read more

    Affected Products : fire_os
    • Published: Feb. 26, 2024
    • Modified: Sep. 18, 2025

  • 7.2

    HIGH
    CVE-2024-24386

    An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.... Read more

    Affected Products : vitalpbx
    • Published: Feb. 15, 2024
    • Modified: Sep. 18, 2025

  • 5.9

    MEDIUM
    CVE-2024-24256

    SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory.... Read more

    Affected Products : yonyou
    • Published: Feb. 15, 2024
    • Modified: Sep. 18, 2025

  • 9.0

    CRITICAL
    CVE-2025-8904

    Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Use... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-36146

    IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.... Read more

    Affected Products : watsonx.data
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.7

    MEDIUM
    CVE-2025-36143

    IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.... Read more

    Affected Products : watsonx.data
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-36139

    IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    Affected Products : watsonx.data
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10676

    A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been mad... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-10675

    A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. ... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-10674

    A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exp... Read more

    Affected Products :
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-10616

    A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released t... Read more

    Affected Products : e-commerce_website
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-10615

    A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit is publicly available... Read more

    Affected Products : e-commerce_website
    • Published: Sep. 17, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2023-53447

    In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fs_remount() syzbot reports a bug as below: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] P... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-53446

    In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct pcie_link_state->downstream is a pointer to the pci_dev of function 0. Previously we retained that pointer... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2025
    • Modified: Sep. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 294717 Results