Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-2634

    Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This v... Read more

    Affected Products : labview
    • Published: Jul. 23, 2025
    • Modified: Aug. 19, 2025

  • 7.8

    HIGH
    CVE-2025-2633

    Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially craf... Read more

    Affected Products : labview
    • Published: Jul. 23, 2025
    • Modified: Aug. 19, 2025

  • 7.8

    HIGH
    CVE-2025-6018

    A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileg... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 6.1

    MEDIUM
    CVE-2025-40598

    A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.... Read more

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025

  • 7.5

    HIGH
    CVE-2025-40597

    A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.... Read more

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025

  • 7.3

    HIGH
    CVE-2025-40596

    A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.... Read more

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025

  • 6.3

    MEDIUM
    CVE-2025-36117

    IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.... Read more

    Affected Products : db2_mirror_for_i
    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025

  • 6.3

    MEDIUM
    CVE-2025-36116

    IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection ... Read more

    Affected Products : db2_mirror_for_i
    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025

  • 8.8

    HIGH
    CVE-2025-33077

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.... Read more

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025

  • 8.8

    HIGH
    CVE-2025-33076

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.... Read more

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025

  • 7.5

    HIGH
    CVE-2025-33020

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.... Read more

    • Published: Jul. 23, 2025
    • Modified: Aug. 11, 2025

  • 6.3

    MEDIUM
    CVE-2025-54090

    A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.... Read more

    Affected Products : http_server
    • Published: Jul. 23, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-46099

    In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter.... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 9.1

    CRITICAL
    CVE-2025-40599

    An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code ... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 9.3

    CRITICAL
    CVE-2022-4978

    Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 9.3

    CRITICAL
    CVE-2018-25114

    A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after install... Read more

    Affected Products : online_merchant
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 8.7

    HIGH
    CVE-2018-25113

    An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFi... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 9.3

    CRITICAL
    CVE-2017-20198

    The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write pr... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 8.5

    HIGH
    CVE-2016-15045

    A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configur... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025

  • 9.3

    CRITICAL
    CVE-2015-10141

    An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol comma... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291012 Results