Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2013-3893

    Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that t... Read more

    Affected Products : internet_explorer
    • Actively Exploited
    • EPSS Score: %87.06
    • Published: Sep. 18, 2013
    • Modified: Aug. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-12619

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects.... Read more

    Affected Products : gitlab
    • Published: Mar. 28, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-3149

    A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Cou... Read more

    • Published: Apr. 03, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3150

    A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be la... Read more

    • Published: Apr. 03, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-2987

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-2986

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-1095

    IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-56341

    IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2024-49338

    IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.... Read more

    • Published: Jan. 18, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-9167

    Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.... Read more

    Affected Products : velocity_license_server
    • Published: Oct. 08, 2024
    • Modified: Aug. 13, 2025

  • 9.6

    CRITICAL
    CVE-2024-4405

    Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to ex... Read more

    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 9.6

    CRITICAL
    CVE-2024-4406

    Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required ... Read more

    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2023-27334

    Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authenticati... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 9.6

    CRITICAL
    CVE-2023-27335

    Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this ... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2023-27336

    Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentica... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-27347

    G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-pr... Read more

    Affected Products : total_security
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-27362

    3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the targe... Read more

    Affected Products : 3cx
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2024-20497

    A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) u... Read more

    • Published: Sep. 04, 2024
    • Modified: Aug. 12, 2025

  • 7.4

    HIGH
    CVE-2025-3155

    A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.... Read more

    • Published: Apr. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-12088

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which ... Read more

    • Published: Jan. 14, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291219 Results