Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2024-54172

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user t...

    • Published: Jun. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.5

    HIGH
    CVE-2025-4821

    Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by ...

    Affected Products : quiche
    • Published: Jun. 18, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-4820

    Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by ...

    Affected Products : quiche
    • Published: Jun. 18, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2025-44952

    A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than...

    Affected Products : open5gs
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.1

    HIGH
    CVE-2025-44951

    A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32...

    Affected Products : open5gs
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-36049

    IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands....

    • Published: Jun. 18, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: XML External Entity
  • 7.2

    HIGH
    CVE-2025-36048

    IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges....

    • Published: Jun. 18, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-54183

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alte...

    • Published: Jun. 18, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.0

    MEDIUM
    CVE-2025-6240

    Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system. This issue affects Profisee: from 2020R1 before 2024R2....

    Affected Products :
    • Published: Jun. 18, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-46109

    SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request...

    Affected Products : pbootcms
    • Published: Jun. 18, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Injection
  • 8.1

    HIGH
    CVE-2025-45786

    Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php....

    Affected Products : real_estate_management
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.9

    MEDIUM
    CVE-2025-49015

    The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by defau...

    Affected Products : .net_sdk
    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Misconfiguration
  • 9.9

    CRITICAL
    CVE-2025-46157

    An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form...

    Affected Products : timetrax
    • Published: Jun. 18, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-45784

    D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis t...

    • Published: Jun. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cryptography
  • 5.9

    MEDIUM
    CVE-2025-45661

    A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php....

    Affected Products : minitcg
    • Published: Jun. 18, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.2

    HIGH
    CVE-2025-6220

    The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated atta...

    • Published: Jun. 18, 2025
    • Modified: Jul. 09, 2025
    • Vuln Type: Authentication
  • 0.0

    NA
    CVE-2022-50232

    In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large ref...

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2022-50231

    In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neo...

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2022-50230

    In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large ref...

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption
  • 0.0

    NA
    CVE-2022-50229

    In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in snd_card_register() at probe time, it will free the 'bcd2k->midi_out_urb' before killing it, which may...

    Affected Products : linux_kernel
    • Published: Jun. 18, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292803 Results