Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    CRITICAL
    CVE-2025-47933

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the re... Read more

    Affected Products : argo-cd argo_cd
    • Published: May. 29, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-47288

    Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. Thi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-3050

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.... Read more

    Affected Products : db2
    • Published: May. 29, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-2518

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.... Read more

    Affected Products : db2
    • Published: May. 29, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-54952

    MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Se... Read more

    Affected Products : routeros
    • Published: May. 29, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-49350

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query... Read more

    Affected Products : db2
    • Published: May. 29, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-5324

    A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible t... Read more

    Affected Products : gpu-z
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-48336

    Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection.This issue affects Course Builder: from n/a before 3.6.6.... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-46701

    Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 1... Read more

    Affected Products : tomcat
    • Published: May. 29, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-32752

    Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.... Read more

    Affected Products : thinos
    • Published: May. 29, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-5323

    A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-46823

    openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have be... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-29632

    Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components... Read more

    Affected Products : free5gc
    • Published: May. 29, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2024-53423

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.... Read more

    Affected Products : onos
    • Published: May. 29, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2023-41591

    An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts.... Read more

    Affected Products : onos
    • Published: May. 29, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-48475

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user ... Read more

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-46722

    vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing metho... Read more

    Affected Products : vllm
    • Published: May. 29, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Misconfiguration

  • 2.6

    LOW
    CVE-2025-46570

    vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (... Read more

    Affected Products : vllm
    • Published: May. 29, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2024-51392

    An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-48474

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conv... Read more

    Affected Products : freescout
    • Published: May. 29, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
Showing 20 of 291741 Results