Latest CVE Feed
- 6.5 MEDIUM CVE-2024-8244
  The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic...
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 5.3 MEDIUM CVE-2025-51308
  In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 6.5 MEDIUM CVE-2025-51306
  In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 7.5 HIGH CVE-2025-51040
  Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2.
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 8.1 HIGH CVE-2025-50286
  A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary P...
  - Published: Aug. 06, 2025
  - Modified: Aug. 07, 2025
- 6.5 MEDIUM CVE-2025-50234
  MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1) function, which utilizes a hard-coded key Mc...
  Affected Products : mccms
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- 6.5 MEDIUM CVE-2025-50233
  A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory ...
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 7.5 HIGH CVE-2025-36020
  IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
  - Published: Aug. 06, 2025
  - Modified: Aug. 13, 2025
- 6.5 MEDIUM CVE-2025-2028
  Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 5.0 MEDIUM CVE-2024-52885
  The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on...
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 6.1 MEDIUM CVE-2025-8616
  A weakness identified in OpenText Advanced Authentication where a malicious browser plugin can record and replay the user authentication process to bypass authentication. This issue affects Advanced Authentication on or before 6.5.0.
  - Published: Aug. 06, 2025
  - Modified: Aug. 06, 2025
- 9.8 CRITICAL CVE-2025-3354
  IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to cras...
  Affected Products : tivoli_monitoring
  - Published: Aug. 06, 2025
  - Modified: Aug. 13, 2025
- 9.8 CRITICAL CVE-2025-3320
  IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to cras...
  Affected Products : tivoli_monitoring
  - Published: Aug. 06, 2025
  - Modified: Aug. 13, 2025
- 7.5 HIGH CVE-2025-23335
  NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead...
  - Published: Aug. 06, 2025
  - Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2025-23334
  NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.
  - Published: Aug. 06, 2025
  - Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2025-23333
  NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to informati...
  - Published: Aug. 06, 2025
  - Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2025-23331
  NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerabil...
  - Published: Aug. 06, 2025
  - Modified: Aug. 12, 2025
- 9.1 CRITICAL CVE-2025-23327
  NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering...
  - Published: Aug. 06, 2025
  - Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2025-23326
  NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
  - Published: Aug. 06, 2025
  - Modified: Aug. 12, 2025
- 7.5 HIGH CVE-2025-23325
  NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
  - Published: Aug. 06, 2025
  - Modified: Aug. 12, 2025