Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-35146

    IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functional...

    Affected Products : maximo_application_suite
    • Published: Nov. 06, 2024
    • Modified: Jul. 08, 2025
  • 5.3

    MEDIUM
    CVE-2024-35144

    IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system....

    Affected Products : maximo_application_suite
    • Published: Jan. 25, 2025
    • Modified: Jul. 08, 2025
  • 6.1

    MEDIUM
    CVE-2024-35145

    IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

    Affected Products : maximo_application_suite
    • Published: Jan. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-35148

    IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-...

    Affected Products : maximo_application_suite
    • Published: Jan. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 5.3

    MEDIUM
    CVE-2024-35150

    IBM Maximo Application Suite 8.10.12, 8.11.0, 9.0.1, and 9.1.0 - Monitor Component does not neutralize output that is written to logs, which could allow an attacker to inject false log entries....

    Affected Products : maximo_application_suite
    • Published: Jan. 25, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 9.1

    CRITICAL
    CVE-2025-53499

    Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2....

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-53496

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MediaSearch Extension allows Stored XSS. This issue affects Mediawiki - MediaSearch Extension: from 1.42.X before ...

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.1

    CRITICAL
    CVE-2025-53495

    Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access. This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2....

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-31022

    Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU PayU India allows Authentication Abuse. This issue affects PayU India: from n/a before 3.8.8....

    Affected Products : payu_india_payment_gateway
    • Published: Jun. 09, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 8.0

    HIGH
    CVE-2025-1500

    IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened....

    Affected Products : maximo_application_suite
    • Published: Apr. 05, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-0158

    IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation....

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 06, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Denial of Service
  • 3.3

    LOW
    CVE-2025-0759

    IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared resource synchronization....

    Affected Products : linux_kernel windows entirex
    • Published: Feb. 27, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Race Condition
  • 9.3

    HIGH
    CVE-2020-1171

    A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2...

    Affected Products : visual_studio_code python
    • Published: May. 21, 2020
    • Modified: Jul. 08, 2025
  • 9.3

    HIGH
    CVE-2020-1192

    A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-...

    Affected Products : visual_studio_code python
    • Published: May. 21, 2020
    • Modified: Jul. 08, 2025
  • 5.9

    MEDIUM
    CVE-2024-38314

    IBM Maximo Application Suite - Monitor Component 8.10, 8.11, and 9.0 could disclose information in the form of the hard-coded cryptographic key to an attacker that has compromised the environment....

    Affected Products : maximo_application_suite
    • Published: Oct. 24, 2024
    • Modified: Jul. 08, 2025
  • 6.3

    MEDIUM
    CVE-2024-22351

    IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system....

    • Published: Apr. 23, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2025-25045

    IBM InfoSphere Information 11.7 Server could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system....

    • Published: Apr. 23, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-4128

    Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/t...

    Affected Products : mattermost_server
    • Published: Jun. 11, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-7180

    A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument User leads to SQL injection. The attack may be i...

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-7181

    A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfile leads to unrestricted upload. It is possible to laun...

    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication
Showing 20 of 293604 Results