Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-54172

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user t... Read more

    • Published: Jun. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2024-54183

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alte... Read more

    • Published: Jun. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-36050

    IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.... Read more

    • Published: Jun. 19, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-33121

    IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.... Read more

    • Published: Jun. 19, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: XML External Entity

  • 9.1

    CRITICAL
    CVE-2025-33117

    IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.... Read more

    • Published: Jun. 19, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2024-58248

    nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.... Read more

    Affected Products : nopcommerce
    • Published: Apr. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2024-51978

    An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IP... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2024-51977

    An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.cs... Read more

    Affected Products :
    • Published: Jun. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2014-9192

    Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large ... Read more

    Affected Products : vtscada
    • EPSS Score: %1.88
    • Published: Dec. 11, 2014
    • Modified: Jul. 25, 2025

  • 7.8

    HIGH
    CVE-2024-6677

    Privilege escalation in uberAgent... Read more

    Affected Products : uberagent
    • Published: Jul. 12, 2024
    • Modified: Jul. 25, 2025

  • 8.7

    HIGH
    CVE-2025-6948

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by inj... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-6168

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 2.7

    LOW
    CVE-2025-4972

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-3396

    An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API reque... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-53930

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_especie.php` endpoint of the WeGIA application prior to version 3.4... Read more

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-53929

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` endpoint of the WeGIA application prior to version 3.4.5. ... Read more

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-53938

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php` endpoint of the WeGIA application prior to version 3.... Read more

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-53937

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version... Read more

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-53936

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to ver... Read more

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-53935

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to ver... Read more

    Affected Products : wegia
    • Published: Jul. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292325 Results