Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-2866

    Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause inva... Read more

    Affected Products : libreoffice
    • Published: Apr. 27, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2018-13065

    ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured... Read more

    Affected Products : modsecurity modsecurity modsecurity
    • Published: Jul. 03, 2018
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2022-48279

    In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C langua... Read more

    Affected Products : debian_linux modsecurity modsecurity
    • Published: Jan. 20, 2023
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2020-15598

    Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regul... Read more

    Affected Products : debian_linux modsecurity modsecurity
    • Published: Oct. 06, 2020
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2021-42717

    ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP reque... Read more

    • Published: Dec. 07, 2021
    • Modified: Jul. 03, 2025

  • 8.6

    HIGH
    CVE-2024-1019

    ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path compo... Read more

    Affected Products : modsecurity modsecurity
    • Published: Jan. 30, 2024
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2023-28882

    Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.... Read more

    Affected Products : modsecurity modsecurity
    • Published: Apr. 28, 2023
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2023-38285

    Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.... Read more

    Affected Products : modsecurity modsecurity
    • Published: Jul. 26, 2023
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2019-19886

    Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in ... Read more

    Affected Products : fedora modsecurity modsecurity
    • Published: Jan. 21, 2020
    • Modified: Jul. 03, 2025

  • 5.3

    MEDIUM
    CVE-2019-25043

    ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.... Read more

    Affected Products : modsecurity modsecurity
    • Published: May. 06, 2021
    • Modified: Jul. 03, 2025

  • 7.5

    HIGH
    CVE-2024-31879

    IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.... Read more

    Affected Products : i i
    • Published: May. 18, 2024
    • Modified: Jul. 03, 2025

  • 6.8

    MEDIUM
    CVE-2024-47104

    IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. ... Read more

    Affected Products : i i
    • Published: Dec. 18, 2024
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-51463

    IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-51464

    IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to p... Read more

    Affected Products : i i
    • Published: Dec. 21, 2024
    • Modified: Jul. 03, 2025

  • 2.8

    LOW
    CVE-2024-35122

    IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to acc... Read more

    Affected Products : i i
    • Published: Jan. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-52895

    IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of ... Read more

    Affected Products : i i
    • Published: Feb. 14, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-36004

    IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege.... Read more

    Affected Products : i i
    • Published: Jun. 25, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-33122

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.... Read more

    Affected Products : i i
    • Published: Jun. 17, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-3218

    IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or t... Read more

    Affected Products : i i
    • Published: May. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-2950

    IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address... Read more

    Affected Products : i i
    • Published: Apr. 18, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293634 Results