Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-5497

    A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argum... Read more

    Affected Products : phpwcms
    • Published: Jun. 03, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-32947

    This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.... Read more

    Affected Products :
    • Published: Apr. 15, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2024-23942

    A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.... Read more

    Affected Products : mbconnect24 mymbconnect24
    • Published: Mar. 18, 2025
    • Modified: Aug. 20, 2025

  • 5.7

    MEDIUM
    CVE-2024-28446

    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi.... Read more

    • Published: Mar. 19, 2024
    • Modified: Aug. 20, 2025

  • 4.8

    MEDIUM
    CVE-2022-40490

    Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.... Read more

    Affected Products : tiny_file_manager
    • Published: Feb. 06, 2025
    • Modified: Aug. 20, 2025

  • 6.2

    MEDIUM
    CVE-2023-40694

    IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838.... Read more

    Affected Products : watson_cp4d_data_stores openshift
    • Published: May. 07, 2024
    • Modified: Aug. 20, 2025

  • 7.8

    HIGH
    CVE-2024-32324

    Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program.... Read more

    • Published: Apr. 25, 2024
    • Modified: Aug. 20, 2025

  • 7.2

    HIGH
    CVE-2025-34076

    An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary file... Read more

    Affected Products : microweber cockpit
    • Published: Jul. 02, 2025
    • Modified: Aug. 20, 2025

  • 5.1

    MEDIUM
    CVE-2025-7061

    A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The ex... Read more

    Affected Products : incontrol_web
    • Published: Jul. 04, 2025
    • Modified: Aug. 20, 2025

  • 8.8

    HIGH
    CVE-2025-6765

    A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues... Read more

    Affected Products : incontrol_web
    • Published: Jun. 27, 2025
    • Modified: Aug. 20, 2025

  • 7.8

    HIGH
    CVE-2025-29570

    An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc.... Read more

    • Published: Apr. 03, 2025
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-41787

    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely ... Read more

    • Published: Jan. 10, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-3632

    IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size.... Read more

    • Published: May. 12, 2025
    • Modified: Aug. 20, 2025

  • 5.5

    MEDIUM
    CVE-2025-1993

    IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database... Read more

    • Published: May. 09, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-33093

    IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret.... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 20, 2025

  • 5.1

    MEDIUM
    CVE-2025-4286

    A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected st... Read more

    Affected Products : incontrol_web
    • Published: May. 05, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-1992

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory aft... Read more

    Affected Products : linux_kernel db2 windows unix
    • Published: May. 05, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-7342

    A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the co... Read more

    Affected Products : image_builder
    • Published: Aug. 17, 2025
    • Modified: Aug. 20, 2025

  • 8.6

    HIGH
    CVE-2025-20134

    A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpec... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025

  • 6.2

    MEDIUM
    CVE-2024-52896

    IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.... Read more

    • Published: Dec. 19, 2024
    • Modified: Aug. 19, 2025
Showing 20 of 290978 Results