Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-33093

    IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-4286

    A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected st... Read more

    Affected Products : incontrol_web
    • Published: May. 05, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-1992

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory aft... Read more

    Affected Products : linux_kernel db2 windows unix
    • Published: May. 05, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-7342

    A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the co... Read more

    Affected Products : image_builder
    • Published: Aug. 17, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-20134

    A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpec... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2024-52896

    IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.... Read more

    • Published: Dec. 19, 2024
    • Modified: Aug. 19, 2025

  • 6.2

    MEDIUM
    CVE-2024-52897

    IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.... Read more

    • Published: Dec. 19, 2024
    • Modified: Aug. 19, 2025

  • 7.5

    HIGH
    CVE-2024-3651

    A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequentl... Read more

    • Published: Jul. 07, 2024
    • Modified: Aug. 19, 2025

  • 8.1

    HIGH
    CVE-2024-58087

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire.... Read more

    Affected Products : linux_kernel
    • Published: Mar. 12, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-46785

    Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.... Read more

    • Published: May. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-2900

    IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES... Read more

    Affected Products : semeru_runtime
    • Published: May. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-38745

    Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, ... Read more

    Affected Products : openmanage_enterprise
    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2025-54409

    AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attribut... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-54389

    AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or remo... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-8964

    A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the ... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-8962

    A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buff... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-23084

    A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path,... Read more

    Affected Products : node.js windows
    • Published: Jan. 28, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Path Traversal

  • 9.0

    HIGH
    CVE-2025-8940

    A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched rem... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-8939

    A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The explo... Read more

    Affected Products : ac20_firmware ac20
    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-6297

    It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files ... Read more

    Affected Products : dpkg
    • Published: Jul. 01, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Denial of Service
Showing 20 of 292425 Results