Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2024-14004

    Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration s... Read more

    Affected Products : xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-54459

    Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session... Read more

    Affected Products : hospital_manager_backend_services
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-41345

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasByI... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-41344

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-60016

    When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microke... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-61689

    HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-62714

    Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g.,... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-41343

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-22167

    This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2016-15050

    Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authentica... Read more

    Affected Products : xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-11362

    Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing c... Read more

    Affected Products : pdfmake pdfmake
    • Published: Oct. 07, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2020-36869

    Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply ... Read more

    Affected Products : xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-46706

    When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-41335

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-53474

    When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-34298

    Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to ema... Read more

    Affected Products : log_server
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-41337

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-62614

    BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thu... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-58120

    When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-34517

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that custome... Read more

    • Published: Oct. 16, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3917 Results