Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-27072

    Information disclosure while processing a packet at EAVB BE side with invalid header length.... Read more

    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-27075

    Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.... Read more

    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-47324

    Information disclosure while accessing and modifying the PIB file of a remote device via powerline.... Read more

    Affected Products : qca7005_firmware qca7005
    • Published: Aug. 06, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-55674

    A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functi... Read more

    Affected Products : superset
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 3.3

    LOW
    CVE-2024-45674

    IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files tha... Read more

    • Published: Feb. 22, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-25206

    eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. Thi... Read more

    Affected Products : elabftw
    • Published: Feb. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.2

    MEDIUM
    CVE-2025-26603

    Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ... Read more

    Affected Products : vim hci_compute_node
    • Published: Feb. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-55675

    Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the d... Read more

    Affected Products : superset
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-20051

    Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially craf... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 24, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-0159

    IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.... Read more

    Affected Products : storage_virtualize
    • Published: Feb. 28, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-0160

    IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.... Read more

    Affected Products : storage_virtualize
    • Published: Feb. 28, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2024-54179

    IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScr... Read more

    Affected Products : business_automation_workflow
    • Published: Mar. 03, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-27423

    Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to app... Read more

    Affected Products : vim hci_compute_node
    • Published: Mar. 03, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-26484

    Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.... Read more

    Affected Products : cloudlink
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2025-2000

    A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potenti... Read more

    Affected Products : qiskit
    • Published: Mar. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-27256

    IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensiti... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-8356

    In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.... Read more

    Affected Products : freeflow_core
    • Published: Aug. 08, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-56477

    IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.... Read more

    Affected Products : power_hardware_management_console
    • Published: Feb. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2024-55904

    IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary command... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Feb. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-36612

    SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.... Read more

    Affected Products : supportassist_for_business_pcs
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authorization
Showing 20 of 291812 Results