Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-1997

    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sen... Read more

    Affected Products : urbancode_deploy devops_deploy
    • Published: Mar. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.9

    MEDIUM
    CVE-2024-38325

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain s... Read more

    • Published: Jan. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2024-31906

    IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system.... Read more

    Affected Products : automation_decision_services
    • Published: Jan. 26, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-37886

    user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3... Read more

    Affected Products : nextcloud_server user_oidc notes
    • Published: Jun. 14, 2024
    • Modified: Aug. 14, 2025

  • 8.8

    HIGH
    CVE-2024-41739

    IBM Cognos Dashboards 4.0.7 and 5.0.0 on Cloud Pak for Data could allow a remote attacker to perform unauthorized actions due to dependency confusion.... Read more

    • Published: Jan. 24, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Supply Chain

  • 7.2

    HIGH
    CVE-2024-55889

    phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> elemen... Read more

    Affected Products : phpmyfaq
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025

  • 10.0

    CRITICAL
    CVE-2024-28787

    IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force... Read more

    • Published: Apr. 04, 2024
    • Modified: Aug. 14, 2025

  • 7.8

    HIGH
    CVE-2024-12552

    Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-pr... Read more

    Affected Products : center
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-28782

    IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Apr. 03, 2024
    • Modified: Aug. 14, 2025

  • 6.4

    MEDIUM
    CVE-2025-33118

    IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to c... Read more

    • Published: Aug. 01, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2025-2824

    IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker cou... Read more

    Affected Products : operational_decision_manager
    • Published: Aug. 01, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.5

    MEDIUM
    CVE-2024-38335

    IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.... Read more

    • Published: Jul. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-2670

    IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information abo... Read more

    Affected Products : openpages_with_watson openpages
    • Published: Jul. 09, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-12553

    GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exp... Read more

    Affected Products : gv-asmanager
    • Published: Dec. 13, 2024
    • Modified: Aug. 14, 2025

  • 5.5

    MEDIUM
    CVE-2024-12754

    AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the ... Read more

    Affected Products : anydesk
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025

  • 9.9

    CRITICAL
    CVE-2024-12828

    Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exist... Read more

    Affected Products : webmin
    • Published: Dec. 30, 2024
    • Modified: Aug. 14, 2025

  • 8.2

    HIGH
    CVE-2025-3528

    A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and eleva... Read more

    Affected Products : mirror_registry
    • Published: May. 09, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2024-56199

    phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a ... Read more

    Affected Products : phpmyfaq
    • Published: Jan. 02, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-50614

    A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the progr... Read more

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291736 Results