Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-36406

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this issue.... Read more

    Affected Products : suitecrm
    • Published: Jun. 10, 2024
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2025-8814

    A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack ma... Read more

    Affected Products :
    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-8813

    A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument... Read more

    Affected Products :
    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-8812

    A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the... Read more

    Affected Products :
    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2025-1334

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-45655

    IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.... Read more

    Affected Products : application_gateway
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-25019

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-25020

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-25021

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-25022

    IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Jun. 03, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-4783

    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output esca... Read more

    Affected Products : exclusive_addons_for_elementor
    • Published: May. 27, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4670

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sa... Read more

    Affected Products : easy_digital_downloads
    • Published: May. 29, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2023-44430

    Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in... Read more

    Affected Products : microstation view
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 7.8

    HIGH
    CVE-2023-42099

    Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the abi... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 8.0

    HIGH
    CVE-2023-41184

    TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authenticatio... Read more

    Affected Products : tapo_c210_firmware tapo_c210
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2023-41181

    LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not... Read more

    Affected Products : supersign_media_editor
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2023-40517

    LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authen... Read more

    Affected Products : supersign_media_editor
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 7.8

    HIGH
    CVE-2023-40481

    7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in tha... Read more

    Affected Products : 7-zip
    • Published: May. 03, 2024
    • Modified: Aug. 12, 2025

  • 9.0

    HIGH
    CVE-2025-8816

    A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It... Read more

    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-8815

    A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal.... Read more

    Affected Products :
    • Published: Aug. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291255 Results