Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2024-9773

    An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration coul... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-0811

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2242

    An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to c... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-2255

    An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec.... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-2867

    An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose... Read more

    Affected Products : gitlab
    • Published: Mar. 27, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2024-10307

    An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request.... Read more

    Affected Products : gitlab
    • Published: Mar. 28, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 9.3

    HIGH
    CVE-2007-0671

    Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted... Read more

    • Actively Exploited
    • EPSS Score: %66.16
    • Published: Feb. 03, 2007
    • Modified: Aug. 13, 2025

  • 9.3

    HIGH
    CVE-2013-3893

    Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that t... Read more

    Affected Products : internet_explorer
    • Actively Exploited
    • EPSS Score: %87.06
    • Published: Sep. 18, 2013
    • Modified: Aug. 13, 2025

  • 6.5

    MEDIUM
    CVE-2024-12619

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects.... Read more

    Affected Products : gitlab
    • Published: Mar. 28, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-3149

    A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Cou... Read more

    • Published: Apr. 03, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-3150

    A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be la... Read more

    • Published: Apr. 03, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-2987

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-2986

    IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc... Read more

    Affected Products : maximo_asset_management
    • Published: Apr. 25, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-1095

    IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-56341

    IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2024-49338

    IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.... Read more

    • Published: Jan. 18, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-9167

    Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.... Read more

    Affected Products : velocity_license_server
    • Published: Oct. 08, 2024
    • Modified: Aug. 13, 2025

  • 9.6

    CRITICAL
    CVE-2024-4405

    Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to ex... Read more

    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 9.6

    CRITICAL
    CVE-2024-4406

    Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required ... Read more

    • Published: May. 02, 2024
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2023-27334

    Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authenticati... Read more

    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025
Showing 20 of 291401 Results