Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2025-0161

    IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation....

    Affected Products : security_verify_access
    • Published: Feb. 20, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 8.6

    HIGH
    CVE-2025-26525

    Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed)....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-26526

    Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-26527

    Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization
  • 6.1

    MEDIUM
    CVE-2025-26528

    The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.3

    HIGH
    CVE-2025-26529

    Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk....

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-0719

    IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...

    Affected Products : cloud_pak_for_data
    • Published: Feb. 26, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2024-41778

    IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts....

    Affected Products : controller
    • Published: Mar. 01, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-2252

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it po...

    Affected Products : easy_digital_downloads
    • Published: Mar. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure
  • 6.4

    MEDIUM
    CVE-2025-2685

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This ma...

    Affected Products : tablepress
    • Published: Mar. 27, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.9

    MEDIUM
    CVE-2025-6444

    ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vul...

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-6445

    ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulner...

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2024-30361

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in...

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
  • 7.8

    HIGH
    CVE-2024-30362

    Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerab...

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
  • 5.5

    MEDIUM
    CVE-2024-30363

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ...

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
  • 6.8

    MEDIUM
    CVE-2024-2660

    Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault ...

    Affected Products : vault
    • Published: Apr. 04, 2024
    • Modified: Aug. 08, 2025
  • 8.8

    HIGH
    CVE-2024-2243

    A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers....

    Affected Products : csmock
    • Published: Apr. 10, 2024
    • Modified: Aug. 08, 2025
  • 10.0

    CRITICAL
    CVE-2021-44228

    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker ...

    • Actively Exploited
    • EPSS Score: 94.36%
    • Published: Dec. 10, 2021
    • Modified: Aug. 08, 2025
  • 6.5

    MEDIUM
    CVE-2023-42035

    Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authen...

    Affected Products : myconnection_server
    • Published: May 03, 2024
    • Modified: Aug. 08, 2025
  • 8.8

    HIGH
    CVE-2023-42034

    Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user inte...

    Affected Products : myconnection_server
    • Published: May 03, 2024
    • Modified: Aug. 08, 2025
Showing 20 of 291384 Results