Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2020-15598

    Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regul...

    Affected Products : debian_linux modsecurity modsecurity
    • Published: Oct. 06, 2020
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2021-42717

    ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP reque...

    • Published: Dec. 07, 2021
    • Modified: Jul. 03, 2025
  • 8.6

    HIGH
    CVE-2024-1019

    ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path compo...

    Affected Products : modsecurity modsecurity
    • Published: Jan. 30, 2024
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2023-28882

    Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.

    Affected Products : modsecurity modsecurity
    • Published: Apr. 28, 2023
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2023-38285

    Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.

    Affected Products : modsecurity modsecurity
    • Published: Jul. 26, 2023
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2019-19886

    Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in ...

    Affected Products : fedora modsecurity modsecurity
    • Published: Jan. 21, 2020
    • Modified: Jul. 03, 2025
  • 5.3

    MEDIUM
    CVE-2019-25043

    ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.

    Affected Products : modsecurity modsecurity
    • Published: May. 06, 2021
    • Modified: Jul. 03, 2025
  • 7.5

    HIGH
    CVE-2024-31879

    IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.

    Affected Products : i i
    • Published: May. 18, 2024
    • Modified: Jul. 03, 2025
  • 6.8

    MEDIUM
    CVE-2024-47104

    IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. ...

    Affected Products : i i
    • Published: Dec. 18, 2024
    • Modified: Jul. 03, 2025
  • 5.4

    MEDIUM
    CVE-2024-51463

    IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025
  • 4.3

    MEDIUM
    CVE-2024-51464

    IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to p...

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025
  • 2.8

    LOW
    CVE-2024-35122

    IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to acc...

    Affected Products : i i
    • Published: Jan. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2024-52895

    IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of ...

    Affected Products : i i
    • Published: Feb. 14, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2025-36004

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.

    Affected Products : i i
    • Published: Jun. 25, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-33122

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.

    Affected Products : i i
    • Published: Jun. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2025-3218

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or t...

    Affected Products : i i
    • Published: May. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2025-2950

    IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address...

    Affected Products : i i
    • Published: Apr. 18, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration
  • 8.5

    HIGH
    CVE-2024-55898

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.

    Affected Products : i i
    • Published: Feb. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 4.7

    MEDIUM
    CVE-2022-39163

    IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks.

    Affected Products : windows cognos_controller controller
    • Published: Mar. 26, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.2

    HIGH
    CVE-2024-40702

    IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation.

    Affected Products : windows cognos_controller controller
    • Published: Jan. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication