Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2025-5120

    A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py mo... Read more

    Affected Products : smolagents
    • Published: Jul. 27, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-1753

    LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argumen... Read more

    Affected Products : llamaindex
    • Published: May. 28, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-33097

    IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more

    • Published: Jul. 15, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-36107

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Information Disclosure

  • 5.2

    MEDIUM
    CVE-2025-36057

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is not used in the application.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-36062

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.2

    HIGH
    CVE-2025-36106

    IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used to access confidential information on the device or network by using a the depre... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-36071

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release ... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2024-52894

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions w... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-20536

    A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device. ... Read more

    • Published: Nov. 06, 2024
    • Modified: Aug. 07, 2025

  • 5.3

    MEDIUM
    CVE-2025-20150

    A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability b... Read more

    Affected Products : nexus_dashboard
    • Published: Apr. 16, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2022-20626

    A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid c... Read more

    Affected Products : prime_access_registrar
    • Published: Nov. 15, 2024
    • Modified: Aug. 07, 2025

  • 6.1

    MEDIUM
    CVE-2022-20654

    A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient va... Read more

    Affected Products : webex_meetings
    • Published: Nov. 15, 2024
    • Modified: Aug. 07, 2025

  • 7.6

    HIGH
    CVE-2024-4981

    A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.... Read more

    Affected Products : pagure
    • Published: May. 12, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 7.6

    HIGH
    CVE-2024-4982

    A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.... Read more

    Affected Products : pagure
    • Published: May. 12, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-26531

    Insufficient capability checks made it possible to disable badges a user does not have permission to access.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-26532

    Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-26533

    An SQL injection risk was identified in the module list filter within course search.... Read more

    Affected Products : moodle
    • Published: Feb. 24, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2019-9923

    pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.... Read more

    Affected Products : leap tar
    • EPSS Score: %0.37
    • Published: Mar. 22, 2019
    • Modified: Aug. 06, 2025

  • 6.2

    MEDIUM
    CVE-2016-9401

    popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.... Read more

    • EPSS Score: %0.01
    • Published: Jan. 23, 2017
    • Modified: Aug. 06, 2025
Showing 20 of 291520 Results