Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2025-0719

    IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...

    Affected Products : cloud_pak_for_data
    • Published: Feb. 26, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2024-41778

    IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts....

    Affected Products : controller
    • Published: Mar. 01, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2025-2252

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it po...

    Affected Products : easy_digital_downloads
    • Published: Mar. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Information Disclosure
  • 6.4

    MEDIUM
    CVE-2025-2685

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This ma...

    Affected Products : tablepress
    • Published: Mar. 27, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.9

    MEDIUM
    CVE-2025-6444

    ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vulnerability. This vulnerability allows remote attackers to relay NTLM credentials on affected installations of ServiceStack. Interaction with this library is required to exploit this vul...

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authentication
  • 8.1

    HIGH
    CVE-2025-6445

    ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulner...

    Affected Products : servicestack
    • Published: Jun. 25, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal
  • 7.8

    HIGH
    CVE-2024-30361

    Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in...

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
  • 7.8

    HIGH
    CVE-2024-30362

    Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerab...

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
  • 5.5

    MEDIUM
    CVE-2024-30363

    Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ...

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Apr. 02, 2024
    • Modified: Aug. 08, 2025
  • 6.8

    MEDIUM
    CVE-2024-2660

    Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault ...

    Affected Products : vault
    • Published: Apr. 04, 2024
    • Modified: Aug. 08, 2025
  • 8.8

    HIGH
    CVE-2024-2243

    A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers....

    Affected Products : csmock
    • Published: Apr. 10, 2024
    • Modified: Aug. 08, 2025
  • 10.0

    CRITICAL
    CVE-2021-44228

    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker ...

    • Actively Exploited
    • EPSS Score: 94.36%
    • Published: Dec. 10, 2021
    • Modified: Aug. 08, 2025
  • 6.5

    MEDIUM
    CVE-2023-42035

    Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authen...

    Affected Products : myconnection_server
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 8.8

    HIGH
    CVE-2023-42034

    Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user inte...

    Affected Products : myconnection_server
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 7.2

    HIGH
    CVE-2023-42033

    Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Visualware MyConnection Server. Although authentica...

    Affected Products : myconnection_server
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 7.5

    HIGH
    CVE-2023-42032

    Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authen...

    Affected Products : myconnection_server
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 8.6

    HIGH
    CVE-2023-41185

    Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication...

    Affected Products : uagateway
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 5.5

    MEDIUM
    CVE-2024-2877

    Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, ...

    Affected Products : vault
    • Published: Apr. 30, 2024
    • Modified: Aug. 08, 2025
  • 7.8

    HIGH
    CVE-2023-50228

    Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first ob...

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
  • 8.3

    HIGH
    CVE-2023-50227

    Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnera...

    Affected Products : parallels_desktop
    • Published: May. 03, 2024
    • Modified: Aug. 08, 2025
Showing 20 of 291558 Results