Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.9

    MEDIUM
    CVE-2025-46686

    Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because...

    Affected Products : redis
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
  • 8.7

    HIGH
    CVE-2025-4700

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content...

    Affected Products : gitlab
    • Published: Jul. 23, 2025
    • Modified: Aug. 08, 2025
  • 7.7

    HIGH
    CVE-2025-4439

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served thro...

    Affected Products : gitlab
    • Published: Jul. 23, 2025
    • Modified: Aug. 08, 2025
  • 7.8

    HIGH
    CVE-2025-8069

    During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place a...

    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
  • 4.8

    MEDIUM
    CVE-2025-50481

    A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post....

    Affected Products : mezzanine
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
  • 5.4

    MEDIUM
    CVE-2025-46171

    vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing...

    Affected Products : vbulletin
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
  • 7.8

    HIGH
    CVE-2025-2634

    Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This v...

    Affected Products : labview
    • Published: Jul. 23, 2025
    • Modified: Aug. 19, 2025
  • 7.8

    HIGH
    CVE-2025-2633

    Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially craf...

    Affected Products : labview
    • Published: Jul. 23, 2025
    • Modified: Aug. 19, 2025
  • 7.8

    HIGH
    CVE-2025-6018

    A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileg...

    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
  • 6.1

    MEDIUM
    CVE-2025-40598

    A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code....

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025
  • 7.5

    HIGH
    CVE-2025-40597

    A heap-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution....

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025
  • 7.3

    HIGH
    CVE-2025-40596

    A stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution....

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025
  • 6.3

    MEDIUM
    CVE-2025-36117

    IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use, which could allow an authenticated user to impersonate another user on the system....

    Affected Products : db2_mirror_for_i
    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025
  • 6.3

    MEDIUM
    CVE-2025-36116

    IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by a cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection ...

    Affected Products : db2_mirror_for_i
    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025
  • 8.8

    HIGH
    CVE-2025-33077

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system....

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025
  • 8.8

    HIGH
    CVE-2025-33076

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system....

    • Published: Jul. 23, 2025
    • Modified: Aug. 07, 2025
  • 7.5

    HIGH
    CVE-2025-33020

    IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information....

    • Published: Jul. 23, 2025
    • Modified: Aug. 11, 2025
  • 6.3

    MEDIUM
    CVE-2025-54090

    A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue....

    Affected Products : http_server
    • Published: Jul. 23, 2025
    • Modified: Aug. 14, 2025
  • 7.1

    HIGH
    CVE-2025-46099

    In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter....

    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
  • 9.1

    CRITICAL
    CVE-2025-40599

    An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code ...

    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291058 Results