Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-2498

    An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP ... Read more

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-23306

    NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code... Read more

    Affected Products : megatron-lm
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23305

    NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclo... Read more

    Affected Products : megatron-lm
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23304

    NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to re... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23303

    NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23298

    NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, info... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23296

    NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclo... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23295

    NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privile... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-23294

    NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosur... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-1477

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted pa... Read more

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2024-5477

    A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specializ... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2024-12303

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issu... Read more

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-10219

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private art... Read more

    Affected Products : gitlab
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-52385

    An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-51451

    In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.... Read more

    Affected Products : ex1200t_firmware ex1200t
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-50594

    An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-34153

    Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI en... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-2184

    A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-2183

    An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same ... Read more

    Affected Products : globalprotect_app
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2025-2182

    A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A use... Read more

    Affected Products : pan-os
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cryptography
Showing 20 of 291551 Results