Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-49534

    Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be exe... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-49547

    Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be exe... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2024-32122

    A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.... Read more

    Affected Products : fortios
    • Published: Apr. 08, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2023-42007

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    • Published: Apr. 10, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2023-43035

    IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.... Read more

    • Published: Apr. 10, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-45651

    IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.... Read more

    • Published: Apr. 18, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2024-49808

    IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.... Read more

    • Published: Apr. 18, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2024-41757

    IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using... Read more

    Affected Products : concert concert_software
    • Published: Jan. 24, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-52893

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3  could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the ... Read more

    Affected Products : concert concert_software
    • Published: Jan. 07, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-52891

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization.... Read more

    Affected Products : concert concert_software
    • Published: Jan. 07, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-52367

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.... Read more

    Affected Products : concert concert_software
    • Published: Jan. 07, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2024-52366

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sen... Read more

    Affected Products : concert concert_software
    • Published: Jan. 07, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-52360

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.... Read more

    Affected Products : concert concert_software
    • Published: Nov. 19, 2024
    • Modified: Jul. 18, 2025

  • 8.8

    HIGH
    CVE-2024-52359

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls.... Read more

    Affected Products : concert concert_software
    • Published: Nov. 19, 2024
    • Modified: Jul. 18, 2025

  • 6.5

    MEDIUM
    CVE-2024-37070

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.... Read more

    Affected Products : linux_kernel concert concert_software
    • Published: Nov. 19, 2024
    • Modified: Jul. 18, 2025

  • 6.1

    MEDIUM
    CVE-2024-41785

    IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti... Read more

    Affected Products : concert
    • Published: Nov. 15, 2024
    • Modified: Jul. 18, 2025

  • 5.9

    MEDIUM
    CVE-2024-43189

    IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information u... Read more

    Affected Products : concert
    • Published: Nov. 15, 2024
    • Modified: Jul. 18, 2025

  • 6.7

    MEDIUM
    CVE-2025-24477

    A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command... Read more

    Affected Products : fortios
    • Published: Jul. 15, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-7553

    A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate... Read more

    Affected Products : dir-818lw_firmware dir-818lw
    • Published: Jul. 14, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-26211

    Gibbon before 29.0.00 allows CSRF.... Read more

    Affected Products : gibbon
    • Published: May. 27, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291617 Results