Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8969

    A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack m... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8968

    A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The manipulation of the argument ID leads to sql injection. The... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8949

    A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow... Read more

    Affected Products : dir-825_firmware dir-825
    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2024-11946

    iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS de... Read more

    Affected Products : truenas_firmware truenas
    • Published: Dec. 30, 2024
    • Modified: Aug. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-21104

    Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application ... Read more

    • Published: Mar. 13, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2023-28831

    The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker ... Read more

    • EPSS Score: %0.43
    • Published: Sep. 12, 2023
    • Modified: Aug. 18, 2025

  • 4.4

    MEDIUM
    CVE-2025-29768

    Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filen... Read more

    Affected Products : vim bootstrap_os hci_compute_node
    • Published: Mar. 13, 2025
    • Modified: Aug. 18, 2025

  • 8.8

    HIGH
    CVE-2025-2449

    NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vu... Read more

    Affected Products : flexlogger
    • Published: Mar. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-2450

    NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit ... Read more

    Affected Products : vision_builder_ai
    • Published: Mar. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2023-38272

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.... Read more

    Affected Products : cloud_pak_system
    • Published: Mar. 27, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2025-29989

    Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial.... Read more

    • Published: Apr. 10, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2023-6377

    A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases wh... Read more

    • EPSS Score: %0.33
    • Published: Dec. 13, 2023
    • Modified: Aug. 18, 2025

  • 4.1

    MEDIUM
    CVE-2025-45582

    GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an ... Read more

    Affected Products : tar
    • Published: Jul. 11, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-8671

    A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening... Read more

    Affected Products : h2o
    • Published: Aug. 13, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-45770

    jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and othe... Read more

    Affected Products : jwt
    • Published: Jul. 31, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Cryptography

  • 7.3

    HIGH
    CVE-2025-45769

    php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and... Read more

    Affected Products : firebase_php-jwt
    • Published: Jul. 31, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Cryptography

  • 7.0

    HIGH
    CVE-2025-45766

    poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14... Read more

    Affected Products : poco
    • Published: Aug. 06, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2023-43029

    IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.... Read more

    • Published: Mar. 21, 2025
    • Modified: Aug. 17, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    CRITICAL
    CVE-2025-23266

    NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalati... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Aug. 16, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-8885

    Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcprov, bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://git... Read more

    Affected Products : bouncy_castle_for_java
    • Published: Aug. 12, 2025
    • Modified: Aug. 16, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291783 Results