Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-2642

    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. T... Read more

    • Published: Mar. 19, 2024
    • Modified: Aug. 21, 2025

  • 8.5

    HIGH
    CVE-2025-23365

    A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to es... Read more

    Affected Products : tia_administrator
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2024-30251

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop ... Read more

    Affected Products : aiohttp
    • Published: May. 02, 2024
    • Modified: Aug. 21, 2025

  • 5.5

    MEDIUM
    CVE-2025-57733

    In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content... Read more

    Affected Products : teamcity
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 8.4

    HIGH
    CVE-2025-23364

    A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations.... Read more

    Affected Products : tia_administrator
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2025-57732

    In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership... Read more

    Affected Products : teamcity
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 8.7

    HIGH
    CVE-2025-57731

    In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content... Read more

    Affected Products : youtrack
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2024-25015

    IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278.... Read more

    Affected Products : linux_kernel aix mq windows linux_on_ibm_z
    • Published: May. 01, 2024
    • Modified: Aug. 21, 2025

  • 6.7

    MEDIUM
    CVE-2025-9043

    The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions t... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025

  • 5.2

    MEDIUM
    CVE-2025-57730

    In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 7.1

    HIGH
    CVE-2025-40593

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service cond... Read more

    Affected Products : simatic_cn_4100
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 7.3

    HIGH
    CVE-2025-57729

    In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 8.8

    HIGH
    CVE-2025-40738

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and po... Read more

    Affected Products : sinec_nms
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 8.8

    HIGH
    CVE-2025-40737

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and po... Read more

    Affected Products : sinec_nms
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-40736

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadm... Read more

    Affected Products : sinec_nms
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 8.8

    HIGH
    CVE-2025-40735

    A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.... Read more

    Affected Products : sinec_nms
    • Published: Jul. 08, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2024-3737

    A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attac... Read more

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2024-3736

    A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be la... Read more

    Affected Products : nginxwebui
    • Published: Apr. 13, 2024
    • Modified: Aug. 21, 2025

  • 6.5

    MEDIUM
    CVE-2025-57728

    In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025

  • 7.5

    HIGH
    CVE-2025-57727

    In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference... Read more

    Affected Products : intellij_idea
    • Published: Aug. 20, 2025
    • Modified: Aug. 21, 2025
Showing 20 of 290957 Results