Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-53102

    Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which ... Read more

    Affected Products : discourse
    • Published: Jul. 29, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-52899

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form a... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-52490

    An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output.... Read more

    Affected Products : sync_gateway
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-45346

    SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.... Read more

    Affected Products : bacula-web
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-43018

    Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some... Read more

    Affected Products : piwigo
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-51045

    Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter.... Read more

    Affected Products : pre-school_enrollment_system
    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-51044

    phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter.... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-36071

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release ... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-33114

    IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions.... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-33092

    IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2024-52894

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions w... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-51473

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-49828

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions w... Read more

    Affected Products : db2
    • Published: Jul. 29, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-42655

    An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.... Read more

    Affected Products : nanomq
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2024-42651

    NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.... Read more

    Affected Products : nanomq
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7675

    A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the cont... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7497

    A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the cont... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-6637

    A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the cont... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-6636

    A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of t... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-6635

    A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in th... Read more

    • Published: Jul. 29, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291400 Results