Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-51637

    Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vu... Read more

    Affected Products : sante_pacs_server
    • Published: May. 22, 2024
    • Modified: Aug. 14, 2025

  • 7.3

    HIGH
    CVE-2024-4454

    WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the... Read more

    • Published: May. 22, 2024
    • Modified: Aug. 14, 2025

  • 8.7

    HIGH
    CVE-2024-10383

    An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporar... Read more

    Affected Products : gitlab gitlab-web-ide-vscode-fork
    • Published: Feb. 07, 2025
    • Modified: Aug. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-51461

    IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.... Read more

    Affected Products : qradar_wincollect
    • Published: Apr. 11, 2025
    • Modified: Aug. 14, 2025

  • 4.0

    MEDIUM
    CVE-2024-22338

    IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.... Read more

    • Published: May. 31, 2024
    • Modified: Aug. 14, 2025

  • 6.3

    MEDIUM
    CVE-2024-37312

    user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the O... Read more

    Affected Products : nextcloud_server user_oidc notes
    • Published: Jun. 14, 2024
    • Modified: Aug. 14, 2025

  • 5.5

    MEDIUM
    CVE-2025-1998

    IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a loc... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2025-1997

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sen... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025

  • 5.9

    MEDIUM
    CVE-2024-38325

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain s... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 14, 2025

  • 6.2

    MEDIUM
    CVE-2024-31906

    IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.... Read more

    Affected Products : automation_decision_services
    • Published: Jan. 26, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2024-37886

    user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3... Read more

    Affected Products : nextcloud_server user_oidc notes
    • Published: Jun. 14, 2024
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2024-41739

    IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.... Read more

    • Published: Jan. 24, 2025
    • Modified: Aug. 14, 2025

  • 7.2

    HIGH
    CVE-2024-55889

    phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> elemen... Read more

    Affected Products : phpmyfaq
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025

  • 10.0

    CRITICAL
    CVE-2024-28787

    IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force... Read more

    • Published: Apr. 04, 2024
    • Modified: Aug. 14, 2025

  • 7.8

    HIGH
    CVE-2024-12552

    Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-pr... Read more

    Affected Products : center
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-28782

    IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Apr. 03, 2024
    • Modified: Aug. 14, 2025

  • 6.4

    MEDIUM
    CVE-2025-33118

    IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c... Read more

    • Published: Aug. 01, 2025
    • Modified: Aug. 14, 2025

  • 7.4

    HIGH
    CVE-2025-2824

    IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker cou... Read more

    Affected Products : operational_decision_manager
    • Published: Aug. 01, 2025
    • Modified: Aug. 14, 2025

  • 4.5

    MEDIUM
    CVE-2024-38335

    IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.... Read more

    • Published: Jul. 22, 2025
    • Modified: Aug. 14, 2025
Showing 20 of 290958 Results