Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2025-1334

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-45655

    IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.... Read more

    Affected Products : application_gateway
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-25019

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-25020

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-25021

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-25022

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-4783

    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output esca... Read more

    Affected Products : exclusive_addons_for_elementor
    • Published: May. 27, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4670

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sa... Read more

    Affected Products : easy_digital_downloads
    • Published: May. 29, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2023-44430

    Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : microstation view
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 7.8

    HIGH
    CVE-2023-42099

    Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the abi... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 8.0

    HIGH
    CVE-2023-41184

    TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authenticatio... Read more

    Affected Products : tapo_c210_firmware tapo_c210
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2023-41181

    LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not... Read more

    Affected Products : supersign_media_editor
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2023-40517

    LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authen... Read more

    Affected Products : supersign_media_editor
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 7.8

    HIGH
    CVE-2023-40481

    7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in tha... Read more

    Affected Products : 7-zip
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 9.0

    HIGH
    CVE-2025-8816

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It... Read more

    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-8815

    A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal.... Read more

    Affected Products :
    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2024-11205

    The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authent... Read more

    Affected Products : wpforms
    • Published: Dec. 10, 2024
    • Modified: Aug. 12, 2025

  • 7.1

    HIGH
    CVE-2024-10256

    Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.... Read more

    • Published: Dec. 10, 2024
    • Modified: Aug. 12, 2025

  • 3.3

    LOW
    CVE-2023-38113

    Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulne... Read more

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-11349

    The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() f... Read more

    Affected Products : adforest
    • Published: Dec. 21, 2024
    • Modified: Aug. 12, 2025
Showing 20 of 291222 Results