Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2021-47693

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object edi... Read more

    Affected Products : xi
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-1036

    Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root ... Read more

    Affected Products : tropos_4th_gen
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2023-7322

    Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the AP... Read more

    Affected Products : log_server
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-6892

    An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative f... Read more

    Affected Products : tn-4900_firmware
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-11898

    Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more

    Affected Products : agentflow
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-11573

    An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this ... Read more

    Affected Products :
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-61938

    When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repe... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-10150

    Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31... Read more

    Affected Products : smartlink_hw-dp smartlink_hw-pn
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2024-13994

    Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can... Read more

    Affected Products : xi
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-59728

    When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length,... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-48008

    When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions whic... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-54858

    When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate.  Note... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-11949

    EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.... Read more

    Affected Products : easyflow_.net
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-64103

    Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single... Read more

    Affected Products : zitadel
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-53521

    When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-53856

    When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to t... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-55036

    When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) ar... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-34271

    Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a resul... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-61990

    When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-10556

    A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser... Read more

    Affected Products : 3dexperience_enovia
    • Published: Oct. 13, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3951 Results