Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-36090

    IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message.... Read more

    Affected Products : analytics_content_hub
    • Published: Jul. 10, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-27614

    Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python... Read more

    Affected Products : git
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 3.6

    LOW
    CVE-2025-27613

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support ... Read more

    Affected Products : git
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-39752

    IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, an... Read more

    Affected Products : analytics_content_hub
    • Published: Jul. 10, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-38327

    IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.... Read more

    Affected Products : analytics_content_hub
    • Published: Jul. 10, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-37524

    IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.... Read more

    Affected Products : analytics_content_hub
    • Published: Jul. 10, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-7425

    A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID ... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7424

    A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-7407

    A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack rem... Read more

    Affected Products : d6400_firmware d6400
    • Published: Jul. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-36697

    A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6211

    A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks conta... Read more

    Affected Products : llamaindex
    • Published: Jul. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-5040

    A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the cur... Read more

    Affected Products : revit
    • Published: Jul. 10, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-5037

    A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    Affected Products : revit
    • Published: Jul. 10, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-32990

    A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer wr... Read more

    • Published: Jul. 10, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2024-7650

    Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4.... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-6948

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by inj... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-6168

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-5023

    Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the pr... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-5022

    Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the produ... Read more

    Affected Products :
    • Published: Jul. 10, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-4972

    An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group... Read more

    Affected Products : gitlab
    • Published: Jul. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization
Showing 20 of 291394 Results