Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-49564

    Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-49563

    Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu... Read more

    Affected Products : macos windows illustrator
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-32766

    A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands... Read more

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-22347

    IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more

    Affected Products : urbancode_velocity devops_velocity
    • Published: Jan. 20, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2025-27759

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated priv... Read more

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-25248

    An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versi... Read more

    Affected Products : fortios fortiproxy fortipam
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-49758

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49759

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-53727

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-47954

    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more

    Affected Products : sql_server_2022
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-51462

    IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.... Read more

    Affected Products : qradar_wincollect
    • Published: Jan. 17, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-51465

    IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.... Read more

    • Published: Dec. 04, 2024
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2024-52964

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 thr... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 4.4

    MEDIUM
    CVE-2024-40588

    Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera ... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2024-48892

    A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.... Read more

    Affected Products : fortisoar
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-1950

    IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.... Read more

    • Published: Apr. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2024-26009

    An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version... Read more

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2023-38007

    IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, wo... Read more

    Affected Products : cloud_pak_system
    • Published: Jun. 27, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-8918

    A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site s... Read more

    Affected Products : i-educar
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-1991

    IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.... Read more

    Affected Products : informix_dynamic_server
    • Published: Jun. 28, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291647 Results