Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2024-36328

    Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability.... Read more

    Affected Products : ryzen_ai_software
    • Published: Apr. 02, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-0154

    IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-56476

    IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-56475

    IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-56474

    IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-31728

    Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.... Read more

    Affected Products : asakusasatellite
    • Published: Apr. 02, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-31727

    Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file ... Read more

    Affected Products : asakusasatellite
    • Published: Apr. 02, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-31726

    Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.... Read more

    Affected Products : stack_hammer
    • Published: Apr. 02, 2025
    • Modified: Apr. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-31725

    Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.... Read more

    Affected Products : monitor-remote-job
    • Published: Apr. 02, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-31724

    Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins... Read more

    Affected Products : cadence_vmanager
    • Published: Apr. 02, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-31723

    A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order.... Read more

    Affected Products : simple_queue
    • Published: Apr. 02, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-31722

    In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.... Read more

    Affected Products : templating_engine
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31721

    A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.... Read more

    Affected Products : jenkins
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-31720

    A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.... Read more

    Affected Products : jenkins
    • Published: Apr. 02, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-56341

    IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-25051

    IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.... Read more

    • Published: Apr. 02, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-21994

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace *)) It... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-50597

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this ... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50596

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this ... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-50595

    An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious... Read more

    • Published: Apr. 02, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service
Showing 20 of 293333 Results