Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-50610

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the pr... Read more

    Affected Products : wf2880_firmware wf2880
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-2770

    BEC Technologies Multiple Routers Cleartext Password Storage Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BEC Technologies routers. Authentication is requir... Read more

    Affected Products : router_firmware
    • Published: Apr. 23, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-50340

    An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The serve... Read more

    Affected Products :
    • Published: Aug. 04, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2025-31177

    gnuplot is affected by a heap buffer overflow at function utf8_copy_one.... Read more

    Affected Products : gnuplot
    • Published: May. 07, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2024-53986

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53987

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-53988

    rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with cer... Read more

    • Published: Dec. 02, 2024
    • Modified: Aug. 15, 2025

  • 8.6

    HIGH
    CVE-2024-54141

    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.... Read more

    Affected Products : phpmyfaq
    • Published: Dec. 06, 2024
    • Modified: Aug. 15, 2025

  • 7.8

    HIGH
    CVE-2024-52586

    eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker... Read more

    Affected Products : elabftw
    • Published: Dec. 09, 2024
    • Modified: Aug. 15, 2025

  • 6.6

    MEDIUM
    CVE-2025-5918

    A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, incl... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-47117

    IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea... Read more

    Affected Products : carbon_charts
    • Published: Dec. 10, 2024
    • Modified: Aug. 15, 2025

  • 7.8

    HIGH
    CVE-2024-11872

    Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to exe... Read more

    Affected Products : launcher
    • Published: Dec. 12, 2024
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2024-11950

    XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit ... Read more

    Affected Products : xnview
    • Published: Dec. 12, 2024
    • Modified: Aug. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-51470

    IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set valu... Read more

    Affected Products : mq mq_appliance mq_for_hpe_nonstop
    • Published: Dec. 18, 2024
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2024-28767

    IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.... Read more

    Affected Products : security_directory_integrator
    • Published: Dec. 20, 2024
    • Modified: Aug. 15, 2025

  • 7.8

    HIGH
    CVE-2025-40768

    A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to acce... Read more

    Affected Products : sinec_traffic_analyzer
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-8296

    SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution... Read more

    Affected Products : avalanche
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-8297

    Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution... Read more

    Affected Products : avalanche
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-40767

    A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevate... Read more

    Affected Products : sinec_traffic_analyzer
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-36023

    IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: Aug. 08, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292818 Results