Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-0136

    Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls (PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series) leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall th... Read more

    Affected Products : pan-os
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-46786

    Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2024-46895

    Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-3833

    Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2024-45332

    Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disc... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-8988

    The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it po... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-0133

    A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when t... Read more

    Affected Products : pan-os
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-0134

    A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.... Read more

    Affected Products : cortex_xdr_broker_vm
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-0130

    A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Re... Read more

    Affected Products : pan-os
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-0137

    An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. Th... Read more

    Affected Products : pan-os
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-20004

    Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-20104

    Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2024-56006

    Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1.... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-44879

    WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-4591

    The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. T... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.9

    LOW
    CVE-2025-27525

    Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through ... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.6

    MEDIUM
    CVE-2025-25370

    An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.... Read more

    Affected Products :
    • Published: May. 14, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-48027

    The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-32002

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier when 'Remote Link3 function' is enabled. If exploited, a remote una... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 6.2

    MEDIUM
    CVE-2025-4737

    Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage.... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cryptography
Showing 20 of 293414 Results