Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2024-37070

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system....

    Affected Products : linux_kernel concert concert_software
    • Published: Nov. 19, 2024
    • Modified: Jul. 18, 2025
  • 6.1

    MEDIUM
    CVE-2024-41785

    IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti...

    Affected Products : concert
    • Published: Nov. 15, 2024
    • Modified: Jul. 18, 2025
  • 5.9

    MEDIUM
    CVE-2024-43189

    IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information u...

    Affected Products : concert
    • Published: Nov. 15, 2024
    • Modified: Jul. 18, 2025
  • 6.7

    MEDIUM
    CVE-2025-24477

    A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command...

    Affected Products : fortios
    • Published: Jul. 15, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2025-7553

    A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is possible to initiate...

    Affected Products : dir-818lw_firmware dir-818lw
    • Published: Jul. 14, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-26211

    Gibbon before 29.0.00 allows CSRF....

    Affected Products : gibbon
    • Published: May. 27, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 9.0

    HIGH
    CVE-2025-6112

    A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may b...

    Affected Products : fh1205_firmware fh1205
    • Published: Jun. 16, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Memory Corruption
  • 4.8

    MEDIUM
    CVE-2025-6131

    A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaur...

    Affected Products : food_ordering_system
    • Published: Jun. 16, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2025-6329

    A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID l...

    Affected Products : real_estate_management_system
    • Published: Jun. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
  • 7.2

    HIGH
    CVE-2025-6335

    A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injec...

    Affected Products : dedecms
    • Published: Jun. 20, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Injection
  • 6.9

    MEDIUM
    CVE-2025-52985

    A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgm...

    Affected Products : junos_os_evolved
    • Published: Jul. 11, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
  • 7.7

    HIGH
    CVE-2025-6713

    An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. Th...

    Affected Products : mongodb
    • Published: Jul. 07, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-49719

    Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network....

    • Published: Jul. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-49718

    Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network....

    Affected Products : sql_server_2019 sql_server_2022
    • Published: Jul. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure
  • 8.5

    HIGH
    CVE-2025-49717

    Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network....

    Affected Products : sql_server_2019 sql_server_2022
    • Published: Jul. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-49740

    Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network....

    • Published: Jul. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-49742

    Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption
  • 7.0

    HIGH
    CVE-2025-49744

    Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally....

    • Published: Jul. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-49753

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network....

    • Published: Jul. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption
  • 5.5

    MEDIUM
    CVE-2025-2591

    A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwid...

    Affected Products : assimp
    • Published: Mar. 21, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Denial of Service