Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2025-20225

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, re...

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service
  • 5.8

    MEDIUM
    CVE-2025-20254

    A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory...

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Denial of Service
  • 5.8

    MEDIUM
    CVE-2008-0992

    Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value....

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-0898

    The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass int...

    Affected Products : weblogic_server
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2025-26335

    Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information ...

    Affected Products : powerprotect_cyber_recovery
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure
  • 5.8

    MEDIUM
    CVE-2019-19667

    A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html....

    Affected Products : rumpus rumpus_ftp
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2025-5695

    A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The mani...

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: Jun. 05, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
  • 5.8

    MEDIUM
    CVE-2019-19610

    An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Release 24.2020.20608.0....

    Affected Products : raquest
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2025-0741

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users' chats by changing the parameter "chat_id" of the POST request "/embedai/chats/send_me...

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2025-0742

    An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by other users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>"....

    Affected Products :
    • Published: Jan. 30, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2025-22720

    Missing Authorization vulnerability in MagePeople Team Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.1....

    Affected Products : booking_\&_rental_manager
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2024-6437

    On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options m...

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Misconfiguration
  • 5.8

    MEDIUM
    CVE-2025-31558

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress allows Retrieve Embedded Sensitive Data. This issue affects TailPress: from n/a through 0.4.4....

    Affected Products :
    • Published: Apr. 03, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure
  • 5.8

    MEDIUM
    CVE-2025-39580

    Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8....

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2025-6299

    A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the at...

    Affected Products : n150rt_firmware n150rt
    • Published: Jun. 20, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection
  • 5.8

    MEDIUM
    CVE-2025-23041

    Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2...

    Affected Products : umbraco_forms
    • Published: Jan. 14, 2025
    • Modified: Sep. 19, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2025-8265

    A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to initiate the atta...

    Affected Products :
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication
  • 5.8

    MEDIUM
    CVE-2008-0393

    Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361....

    Affected Products : gradman
    • Published: Jan. 23, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2019-19145

    Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account because there are only 65536 possible passwords....

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication
  • 5.8

    MEDIUM
    CVE-2011-4968

    nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)...

    Affected Products : debian_linux nginx
    • Published: Nov. 19, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294842 Results