Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-44906

    uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15.... Read more

    Affected Products : pgdriver
    • Published: Jun. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 10.0

    HIGH
    CVE-2022-1292

    The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arb... Read more

    • EPSS Score: %49.69
    • Published: May. 03, 2022
    • Modified: Aug. 13, 2025

  • 7.2

    HIGH
    CVE-2025-36048

    IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.... Read more

    • Published: Jun. 18, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-36049

    IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.... Read more

    • Published: Jun. 18, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: XML External Entity

  • 5.1

    MEDIUM
    CVE-2025-25527

    Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote ta... Read more

    • Published: Feb. 11, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2023-30308

    An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of service.... Read more

    • Published: May. 28, 2024
    • Modified: Aug. 13, 2025

  • 9.8

    CRITICAL
    CVE-2025-3319

    IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.... Read more

    • Published: Jun. 20, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-6468

    Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not list... Read more

    Affected Products : vault
    • Published: Jul. 11, 2024
    • Modified: Aug. 13, 2025

  • 2.7

    LOW
    CVE-2025-5416

    A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.... Read more

    Affected Products : keycloak
    • Published: Jun. 20, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-6206

    The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all ve... Read more

    Affected Products : aiomatic
    • Published: Jun. 24, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-31887

    IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651.... Read more

    • Published: Apr. 16, 2024
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2023-47731

    IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: Apr. 23, 2024
    • Modified: Aug. 13, 2025

  • 8.4

    HIGH
    CVE-2024-25050

    IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-contro... Read more

    Affected Products : i i rational_developer_for_i
    • Published: Apr. 28, 2024
    • Modified: Aug. 13, 2025

  • 5.9

    MEDIUM
    CVE-2022-38386

    IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 01, 2024
    • Modified: Aug. 13, 2025

  • 4.3

    MEDIUM
    CVE-2023-47727

    IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.... Read more

    Affected Products : cloud_pak_for_security qradar_suite
    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-27366

    Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2021-21981

    VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than thei... Read more

    • EPSS Score: %0.05
    • Published: Apr. 19, 2021
    • Modified: Aug. 13, 2025

  • 5.9

    MEDIUM
    CVE-2020-3993

    VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this is... Read more

    • EPSS Score: %0.32
    • Published: Oct. 20, 2020
    • Modified: Aug. 13, 2025

  • 6.1

    MEDIUM
    CVE-2023-20868

    NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.... Read more

    • EPSS Score: %0.15
    • Published: May. 26, 2023
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2023-32155

    Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi s... Read more

    Affected Products : model_3_firmware model_3
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
Showing 20 of 291384 Results