Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-5416

    A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.... Read more

    Affected Products : keycloak
    • Published: Jun. 20, 2025
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2025-6206

    The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all ve... Read more

    Affected Products : aiomatic
    • Published: Jun. 24, 2025
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2024-31887

    IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.... Read more

    • Published: Apr. 16, 2024
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2023-47731

    IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Apr. 23, 2024
    • Modified: Aug. 13, 2025

  • 8.4

    HIGH
    CVE-2024-25050

    IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-contro... Read more

    Affected Products : i i rational_developer_for_i
    • Published: Apr. 28, 2024
    • Modified: Aug. 13, 2025

  • 5.9

    MEDIUM
    CVE-2022-38386

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 01, 2024
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2023-47727

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-27366

    Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2021-21981

    VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than thei... Read more

    • EPSS Score: %0.05
    • Published: Apr. 19, 2021
    • Modified: Aug. 13, 2025

  • 5.9

    MEDIUM
    CVE-2020-3993

    VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this is... Read more

    • EPSS Score: %0.32
    • Published: Oct. 20, 2020
    • Modified: Aug. 13, 2025

  • 6.1

    MEDIUM
    CVE-2023-20868

    NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.... Read more

    • EPSS Score: %0.15
    • Published: May. 26, 2023
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-32155

    Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi s... Read more

    Affected Products : model_3_firmware model_3
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 9.0

    CRITICAL
    CVE-2023-32156

    Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged co... Read more

    Affected Products : model_3_firmware model_3
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2023-32157

    Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to... Read more

    Affected Products : model_3_firmware model_3
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-34298

    Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to ... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-42124

    Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the a... Read more

    Affected Products : premium_security
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-42125

    Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to... Read more

    Affected Products : premium_security
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 8.7

    HIGH
    CVE-2024-7254

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownField... Read more

    • Published: Sep. 19, 2024
    • Modified: Aug. 13, 2025

  • 10.0

    HIGH
    CVE-2025-8731

    A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. T... Read more

    Affected Products :
    • Published: Aug. 08, 2025
    • Modified: Aug. 13, 2025

  • 5.9

    MEDIUM
    CVE-2025-3576

    A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions... Read more

    • Published: Apr. 15, 2025
    • Modified: Aug. 13, 2025
Showing 20 of 290957 Results