Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-6014

    Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-6015

    Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-6037

    Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In t... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-5999

    A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-6000

    A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterpri... Read more

    Affected Products : vault
    • Published: Aug. 01, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-4656

    Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault... Read more

    Affected Products : vault
    • Published: Jun. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2023-38013

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.... Read more

    Affected Products : cloud_pak_system
    • Published: Jan. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2023-38271

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could allow an authenticated user to obtain sensitive information from log files.... Read more

    Affected Products : cloud_pak_system
    • Published: Jan. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2023-38713

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.... Read more

    Affected Products : cloud_pak_system
    • Published: Jan. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2023-38714

    IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system.... Read more

    Affected Products : cloud_pak_system
    • Published: Jan. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2023-38716

    IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the system that could aid in further attacks against the system.... Read more

    Affected Products : cloud_pak_system
    • Published: Jan. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2022-43916

    IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for ... Read more

    • Published: Jan. 30, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2024-49339

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the ... Read more

    • Published: Jan. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-49349

    IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.1 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the ... Read more

    • Published: Jan. 31, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.3

    LOW
    CVE-2025-20613

    Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2025-20044

    Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-20053

    Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-54800

    Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the bui... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-23241

    Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-32086

    Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
Showing 20 of 291335 Results