Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.7

HIGH

CVE-2025-1036

Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root ...

Affected Products : tropos_4th_gen
Published: Oct. 28, 2025

Modified: Oct. 30, 2025

Vuln Type: Injection
8.7

HIGH

CVE-2025-53856

When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to t...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2025-54854

When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...

Affected Products : big-ip_access_policy_manager
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customer...

Affected Products : eve_x1_server_firmware eve_x1_server
Published: Oct. 16, 2025

Modified: Oct. 23, 2025

Vuln Type: Path Traversal
8.7

HIGH

CVE-2025-59271

Redis Enterprise Elevation of Privilege Vulnerability...

Affected Products : azure_cache_for_redis_enterprise azure_managed_redis azure_cache_for_redis
Published: Oct. 09, 2025

Modified: Oct. 17, 2025
8.7

HIGH

CVE-2025-53474

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2025-59964

A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is ...

Affected Products : junos
Published: Oct. 09, 2025

Modified: Oct. 14, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2025-61779

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was...

Affected Products :
Published: Oct. 09, 2025

Modified: Oct. 14, 2025

Vuln Type: Authentication
8.7

HIGH

CVE-2025-10556

A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser...

Affected Products : 3dexperience_enovia
Published: Oct. 13, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
8.7

HIGH

CVE-2025-46706

When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +13 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Memory Corruption
8.7

HIGH

CVE-2025-10150

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...

Affected Products : smartlink_hw-dp smartlink_hw-pn
Published: Oct. 28, 2025

Modified: Oct. 30, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2012-10063

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowi...

Affected Products : xi
Published: Oct. 30, 2025

Modified: Nov. 04, 2025

Vuln Type: Injection
8.7

HIGH

CVE-2025-41109

Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with ...

Affected Products : vision_60_firmware vision_60
Published: Oct. 22, 2025

Modified: Oct. 31, 2025

Vuln Type: Authentication
8.7

HIGH

CVE-2025-58071

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +13 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2020-36869

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply ...

Affected Products : xi
Published: Oct. 30, 2025

Modified: Nov. 04, 2025

Vuln Type: Injection
8.7

HIGH

CVE-2025-61990

When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +14 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2024-14004

Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration s...

Affected Products : xi
Published: Oct. 30, 2025

Modified: Nov. 04, 2025

Vuln Type: Authorization
8.7

HIGH

CVE-2016-15050

Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authentica...

Affected Products : xi
Published: Oct. 30, 2025

Modified: Nov. 04, 2025

Vuln Type: Injection
8.7

HIGH

CVE-2025-10552

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session....

Affected Products : 3dexperience
Published: Oct. 13, 2025

Modified: Oct. 14, 2025

Vuln Type: Cross-Site Scripting
8.7

HIGH

CVE-2025-41067

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and render...

Affected Products : open5gs open5gs
Published: Oct. 27, 2025

Modified: Oct. 29, 2025

Vuln Type: Denial of Service

Showing 20 of 3913 Results

Browse by Apps

Latest CVE Feed

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

8.7

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable