Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2023-47727

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089....

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025
  • 7.8

    HIGH
    CVE-2023-27366

    Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability ...

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
  • 7.8

    HIGH
    CVE-2021-21981

    VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than thei...

    • EPSS Score: %0.05
    • Published: Apr. 19, 2021
    • Modified: Aug. 13, 2025
  • 5.9

    MEDIUM
    CVE-2020-3993

    VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this is...

    • EPSS Score: %0.32
    • Published: Oct. 20, 2020
    • Modified: Aug. 13, 2025
  • 6.1

    MEDIUM
    CVE-2023-20868

    NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages....

    • EPSS Score: %0.15
    • Published: May. 26, 2023
    • Modified: Aug. 13, 2025
  • 7.8

    HIGH
    CVE-2023-32155

    Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi s...

    Affected Products : model_3_firmware model_3
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
  • 9.0

    CRITICAL
    CVE-2023-32156

    Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged co...

    Affected Products : model_3_firmware model_3
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
  • 7.5

    HIGH
    CVE-2023-32157

    Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to...

    Affected Products : model_3_firmware model_3
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
  • 7.8

    HIGH
    CVE-2023-34298

    Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to ...

    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
  • 7.8

    HIGH
    CVE-2023-42124

    Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the a...

    Affected Products : premium_security
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
  • 7.8

    HIGH
    CVE-2023-42125

    Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to...

    Affected Products : premium_security
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
  • 8.7

    HIGH
    CVE-2024-7254

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownField...

    • Published: Sep. 19, 2024
    • Modified: Aug. 13, 2025
  • 10.0

    HIGH
    CVE-2025-8731

    A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. T...

    • Published: Aug. 08, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication
  • 5.9

    MEDIUM
    CVE-2025-3576

    A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions...

    • Published: Apr. 15, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cryptography
  • 5.3

    MEDIUM
    CVE-2024-7128

    A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any aut...

    Affected Products : openshift_container_platform
    • Published: Jul. 26, 2024
    • Modified: Aug. 13, 2025
  • 9.8

    CRITICAL
    CVE-2025-48133

    Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator: from n/a through 6.4.0.2....

    Affected Products : uncanny_automator
    • Published: Jun. 05, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-30974

    Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a through 3.4.13....

    Affected Products : post_grid_master
    • Published: Jun. 06, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization
  • 8.0

    HIGH
    CVE-2024-9773

    An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration coul...

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration
  • 8.7

    HIGH
    CVE-2025-0811

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting....

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-2242

    An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to c...

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization