Latest CVE Feed
-
3.3
LOW CVE-2024-5307
Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit...
- Published: Jun. 06, 2024
- Modified: Aug. 06, 2025
-
6.2
MEDIUM CVE-2024-40682
IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input.
- Affected Products: smartcloud_analytics_log_analysis
- Published: Jul. 23, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
7.5
HIGH CVE-2025-33114
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
- Affected Products: db2
- Published: Jul. 29, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
7.8
HIGH CVE-2025-33092
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
- Affected Products: db2
- Published: Jul. 29, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGH CVE-2025-36010
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.
- Affected Products: db2
- Published: Jul. 29, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
7.5
HIGH CVE-2025-2533
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- Affected Products: db2
- Published: Jul. 29, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
9.9
CRITICAL CVE-2025-0781
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
- Published: Jan. 28, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Path Traversal
-
7.5
HIGH CVE-2025-52887
cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. In version 0.21.0, when many HTTP header fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be rele...
- Published: Jun. 26, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
8.8
HIGH CVE-2025-48950
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execut...
- Affected Products: maxkb
- Published: Jun. 03, 2025
- Modified: Aug. 06, 2025
-
6.5
MEDIUM CVE-2024-3976
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title an...
- Affected Products: gitlab
- Published: Feb. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Information Disclosure
-
8.1
HIGH CVE-2023-4232
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious ...
- Published: Apr. 17, 2024
- Modified: Aug. 06, 2025
-
7.5
HIGH CVE-2024-9631
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow.
- Affected Products: gitlab
- Published: Feb. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
5.4
MEDIUM CVE-2024-5528
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.
- Affected Products: gitlab
- Published: Feb. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Misconfiguration
-
4.4
MEDIUM CVE-2024-6356
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot.
- Affected Products: gitlab
- Published: Feb. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
5.3
MEDIUM CVE-2024-1539
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member usi...
- Affected Products: gitlab
- Published: Feb. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUM CVE-2025-1198
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming r...
- Affected Products: gitlab
- Published: Feb. 13, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
6.6
MEDIUM CVE-2024-8266
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.
- Affected Products: gitlab
- Published: Feb. 13, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
9.6
CRITICAL CVE-2024-7102
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
- Affected Products: gitlab
- Published: Feb. 13, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
4.3
MEDIUM CVE-2025-0516
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allows users with limited permissions to perform unauthorized actions on critical project data.
- Affected Products: gitlab
- Published: Feb. 12, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
8.8
HIGH CVE-2024-9870
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.
- Affected Products: gitlab
- Published: Feb. 12, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Server-Side Request Forgery