Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.6

    MEDIUM
    CVE-2025-44779

    An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.... Read more

    Affected Products : ollama
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-7054

    Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/d... Read more

    Affected Products : quiche
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-50692

    FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.... Read more

    Affected Products : foxcms
    • Published: Aug. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-48913

    If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users ... Read more

    Affected Products : cxf
    • Published: Aug. 08, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2023-38264

    The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deser... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-43040

    IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.... Read more

    Affected Products : storage_fusion_hci
    • Published: May. 14, 2024
    • Modified: Aug. 14, 2025

  • 7.8

    HIGH
    CVE-2023-51636

    Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the... Read more

    Affected Products : avira_prime
    • Published: May. 22, 2024
    • Modified: Aug. 14, 2025

  • 9.8

    CRITICAL
    CVE-2023-51637

    Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vu... Read more

    Affected Products : sante_pacs_server
    • Published: May. 22, 2024
    • Modified: Aug. 14, 2025

  • 7.3

    HIGH
    CVE-2024-4454

    WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the... Read more

    • Published: May. 22, 2024
    • Modified: Aug. 14, 2025

  • 8.7

    HIGH
    CVE-2024-10383

    An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporar... Read more

    Affected Products : gitlab gitlab-web-ide-vscode-fork
    • Published: Feb. 07, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-51461

    IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.... Read more

    Affected Products : qradar_wincollect
    • Published: Apr. 11, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 4.0

    MEDIUM
    CVE-2024-22338

    IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.... Read more

    • Published: May. 31, 2024
    • Modified: Aug. 14, 2025

  • 6.3

    MEDIUM
    CVE-2024-37312

    user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the O... Read more

    Affected Products : nextcloud_server user_oidc notes
    • Published: Jun. 14, 2024
    • Modified: Aug. 14, 2025

  • 5.5

    MEDIUM
    CVE-2025-1998

    IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a loc... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-1997

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sen... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.9

    MEDIUM
    CVE-2024-38325

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain s... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2024-31906

    IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.... Read more

    Affected Products : automation_decision_services
    • Published: Jan. 26, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-37886

    user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3... Read more

    Affected Products : nextcloud_server user_oidc notes
    • Published: Jun. 14, 2024
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2024-41739

    IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.... Read more

    • Published: Jan. 24, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Supply Chain
Showing 20 of 291617 Results