Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-8876

    Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.... Read more

    Affected Products : n-central
    • Actively Exploited
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 9.4

    CRITICAL
    CVE-2025-8875

    Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.... Read more

    Affected Products : n-central
    • Actively Exploited
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2024-49353

    IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.... Read more

    • Published: Nov. 26, 2024
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-46199

    Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields... Read more

    Affected Products : grav
    • Published: Jul. 25, 2025
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-54445

    Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-8031

    The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2024-40681

    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.... Read more

    • Published: Sep. 07, 2024
    • Modified: Aug. 15, 2025

  • 7.6

    HIGH
    CVE-2024-42346

    Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javas... Read more

    Affected Products : galaxy
    • Published: Sep. 20, 2024
    • Modified: Aug. 15, 2025

  • 9.1

    CRITICAL
    CVE-2024-42351

    Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tamper... Read more

    Affected Products : galaxy
    • Published: Sep. 20, 2024
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-8805

    A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remot... Read more

    Affected Products : open5gs
    • Published: Aug. 10, 2025
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-8804

    A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has be... Read more

    Affected Products : open5gs
    • Published: Aug. 10, 2025
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-8802

    A vulnerability was determined in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argument stream leads to denial of service. The attack can be i... Read more

    Affected Products : open5gs
    • Published: Aug. 10, 2025
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-8801

    A vulnerability was found in Open5GS up to 2.7.5. This affects the function gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has... Read more

    Affected Products : open5gs
    • Published: Aug. 10, 2025
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-8799

    A vulnerability was identified in Open5GS up to 2.7.5. Affected by this vulnerability is the function amf_npcf_am_policy_control_build_create/amf_nsmf_pdusession_build_create_sm_context of the file src/amf/npcf-build.c of the component AMF. The manipulati... Read more

    Affected Products : open5gs
    • Published: Aug. 10, 2025
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2024-43191

    IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.... Read more

    • Published: Sep. 26, 2024
    • Modified: Aug. 15, 2025

  • 6.4

    MEDIUM
    CVE-2024-47075

    LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized... Read more

    Affected Products : layui
    • Published: Sep. 26, 2024
    • Modified: Aug. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-45792

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.... Read more

    Affected Products : mantisbt
    • Published: Sep. 30, 2024
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2024-25632

    eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team... Read more

    Affected Products : elabftw
    • Published: Oct. 01, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-52512

    user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgra... Read more

    Affected Products : user_oidc notes
    • Published: Nov. 15, 2024
    • Modified: Aug. 15, 2025

  • 8.7

    HIGH
    CVE-2024-52303

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each ... Read more

    Affected Products : aiohttp
    • Published: Nov. 18, 2024
    • Modified: Aug. 15, 2025
Showing 20 of 290943 Results