Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-32740

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 20, 2025

  • 7.6

    HIGH
    CVE-2024-32742

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gai... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2024-34191

    htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request.... Read more

    Affected Products : htmly
    • Published: May. 14, 2024
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-31510

    An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.... Read more

    Affected Products : liboqs
    • Published: May. 24, 2024
    • Modified: Aug. 20, 2025

  • 5.9

    MEDIUM
    CVE-2024-39150

    vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.... Read more

    Affected Products : vditor
    • Published: Jul. 05, 2024
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2024-36405

    liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled... Read more

    Affected Products : liboqs
    • Published: Jun. 10, 2024
    • Modified: Aug. 20, 2025

  • 5.3

    MEDIUM
    CVE-2024-56342

    IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.... Read more

    • Published: Jun. 06, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-56343

    IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.... Read more

    • Published: Jun. 06, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-55567

    Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary... Read more

    Affected Products : insydeh2o
    • Published: Jun. 12, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-6052

    A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when i... Read more

    Affected Products : glib
    • Published: Jun. 13, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-33108

    IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-con... Read more

    Affected Products : i i
    • Published: Jun. 14, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-50404

    Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fiel... Read more

    Affected Products : rx_1500_firmware rx_1500
    • Published: Jul. 01, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-50405

    Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function.... Read more

    Affected Products : rx_1500_firmware rx_1500
    • Published: Jul. 01, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-6017

    A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. Thi... Read more

    • Published: Jul. 02, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    HIGH
    CVE-2025-7077

    A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer over... Read more

    • Published: Jul. 06, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2024-43190

    IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.... Read more

    • Published: Jul. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2024-27907

    A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attack... Read more

    Affected Products : simcenter_femap
    • Published: Mar. 12, 2024
    • Modified: Aug. 20, 2025

  • 7.8

    HIGH
    CVE-2024-32055

    A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execut... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 20, 2025

  • 7.8

    HIGH
    CVE-2024-32057

    A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (Z... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 20, 2025

  • 7.8

    HIGH
    CVE-2024-32058

    A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the curren... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 20, 2025
Showing 20 of 291395 Results