Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-28782

    IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Apr. 03, 2024
    • Modified: Aug. 14, 2025

  • 6.4

    MEDIUM
    CVE-2025-33118

    IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c... Read more

    • Published: Aug. 01, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2025-2824

    IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker cou... Read more

    Affected Products : operational_decision_manager
    • Published: Aug. 01, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.5

    MEDIUM
    CVE-2024-38335

    IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.... Read more

    • Published: Jul. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-2670

    IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information abo... Read more

    Affected Products : openpages_with_watson openpages
    • Published: Jul. 09, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-12553

    GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exp... Read more

    Affected Products : gv-asmanager
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025

  • 5.5

    MEDIUM
    CVE-2024-12754

    AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the ... Read more

    Affected Products : anydesk
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025

  • 9.9

    CRITICAL
    CVE-2024-12828

    Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exist... Read more

    Affected Products : webmin
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025

  • 8.2

    HIGH
    CVE-2025-3528

    A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and eleva... Read more

    Affected Products : mirror_registry
    • Published: May. 09, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2024-56199

    phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a ... Read more

    Affected Products : phpmyfaq
    • Published: Jan. 02, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-50614

    A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the progr... Read more

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-10219

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private art... Read more

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-8921

    A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched remotely. The ex... Read more

    Affected Products : job_diary
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8922

    A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed... Read more

    Affected Products : job_diary
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8923

    A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been di... Read more

    Affected Products : job_diary
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8924

    A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploi... Read more

    Affected Products : online_water_billing_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-8925

    A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The expl... Read more

    Affected Products : sports_management_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-22134

    When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch ... Read more

    Affected Products : vim bootstrap_os hci_compute_node
    • Published: Jan. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2011-10018

    myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was intro... Read more

    Affected Products : mybb
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-8928

    A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injecti... Read more

    Affected Products : medical_store_management_system
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection
Showing 20 of 291634 Results