Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-45089

    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jan. 31, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2024-40696

    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jan. 31, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-11741

    Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3,  11.2.6, 11.1.11, ... Read more

    Affected Products : grafana
    • Published: Jan. 31, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2023-38739

    IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Jan. 31, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2024-45650

    IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.... Read more

    Affected Products : security_verify_directory
    • Published: Jan. 31, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-0930

    Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code, after injecting code via the ‘abs’ parameter in ‘/teamcal/src/index.php’.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-0929

    SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-24831

    Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-24830

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-24829

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-24828

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-24827

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-21683

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUS... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21682

    In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: always recalculate features after XDP clearing, fix null-deref Recalculate features when XDP is detached. Before: # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp # ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-21681

    In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_s... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-21680

    In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect bo... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21679

    In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return err... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-21678

    In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtp_newlink() links the device to a list in dev_net(dev) instead of src_net, where a udp tunnel socket is created. Even whe... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 02, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-21677

    In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcp_newlink() links the device to a list in dev_net(dev) instead of net, where a udp tunnel socket is created. Even when ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-21676

    In the Linux kernel, the following vulnerability has been resolved: net: fec: handle page_pool_dev_alloc_pages error The fec_enet_update_cbd function calls page_pool_dev_alloc_pages but did not handle the case when it returned NULL. There was a WARN_ON(... Read more

    Affected Products : linux_kernel
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291275 Results