Latest Published Vulnerabilities CVE

Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.4

MEDIUM

CVE-2023-46187

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede...

Affected Products : infosphere_master_data_management infosphere_master_data_management_server
Published: Jan. 27, 2025

Modified: Aug. 18, 2025
5.9

MEDIUM

CVE-2023-38009

IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning....

Affected Products : android iphone_os cognos_analytics cognos_analytics_mobile
Published: Jan. 26, 2025

Modified: Aug. 18, 2025
5.4

MEDIUM

CVE-2024-51457

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the inte...

Affected Products : robotic_process_automation robotic_process_automation_for_cloud_pak
Published: Jan. 22, 2025

Modified: Aug. 18, 2025
7.5

HIGH

CVE-2024-45652

IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system....

Affected Products : maximo_asset_management
Published: Jan. 19, 2025

Modified: Aug. 18, 2025
6.5

MEDIUM

CVE-2024-49824

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as...

Affected Products : robotic_process_automation robotic_process_automation_for_cloud_pak
Published: Jan. 18, 2025

Modified: Aug. 18, 2025
9.1

CRITICAL

CVE-2024-47113

IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document....

Affected Products : voice_gateway
Published: Jan. 18, 2025

Modified: Aug. 18, 2025
7.5

HIGH

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources....

Affected Products : linux_kernel aix websphere_application_server macos windows i z\/os
Published: Aug. 14, 2025

Modified: Aug. 18, 2025
9.8

CRITICAL

CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furth...

Affected Products :
Published: Aug. 14, 2025

Modified: Aug. 18, 2025
6.5

MEDIUM

CVE-2025-8517

A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended...

Affected Products : vvveb
Published: Aug. 04, 2025

Modified: Aug. 18, 2025
3.6

LOW

CVE-2025-55188

7-Zip before 25.01 does not always properly handle symbolic links during extraction....

Affected Products : 7-zip
Published: Aug. 08, 2025

Modified: Aug. 18, 2025
9.8

CRITICAL

CVE-2025-22941

A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands....

Affected Products : 411_firmware 411
Published: Mar. 31, 2025

Modified: Aug. 18, 2025
9.1

CRITICAL

CVE-2025-22940

Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password....

Affected Products : 411_firmware 411
Published: Mar. 31, 2025

Modified: Aug. 18, 2025
9.8

CRITICAL

CVE-2025-22939

A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands....

Affected Products : 411_firmware 411
Published: Mar. 31, 2025

Modified: Aug. 18, 2025
9.8

CRITICAL

CVE-2025-22938

Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords....

Affected Products : 411_firmware 411
Published: Mar. 31, 2025

Modified: Aug. 18, 2025
9.8

CRITICAL

CVE-2025-22937

An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors....

Affected Products : 411_firmware 411
Published: Mar. 31, 2025

Modified: Aug. 18, 2025
5.5

MEDIUM

CVE-2023-33202

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and P...

Affected Products : fips_java_api bouncy_castle_for_java
EPSS Score: %0.06

Published: Nov. 23, 2023

Modified: Aug. 18, 2025
7.8

HIGH

CVE-2025-53154

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
Published: Aug. 12, 2025

Modified: Aug. 18, 2025
5.7

MEDIUM

CVE-2025-53153

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2012_r2 windows_server_2008_r2 windows_server_2008_sp2 +1 more products
Published: Aug. 12, 2025

Modified: Aug. 18, 2025
7.8

HIGH

CVE-2025-53152

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +4 more products
Published: Aug. 12, 2025

Modified: Aug. 18, 2025
7.8

HIGH

CVE-2025-53151

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products
Published: Aug. 12, 2025

Modified: Aug. 18, 2025

Showing 20 of 290978 Results

1
...
87
88
89
90
91
92
93
...
14549

Latest CVE Feed

5.4

5.9

5.4

7.5

6.5

9.1

7.5

9.8

6.5

3.6

9.8

9.1

9.8

9.8

9.8

5.5

7.8

5.7

7.8

7.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable