Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-21546

    Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.... Read more

    Affected Products : laravel-filemanager
    • Published: Dec. 18, 2024
    • Modified: Aug. 26, 2025

  • 5.1

    MEDIUM
    CVE-2024-20853

    Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.... Read more

    Affected Products :
    • Published: Apr. 02, 2024
    • Modified: Aug. 26, 2025

  • 6.5

    MEDIUM
    CVE-2024-20345

    A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-s... Read more

    Affected Products : appdynamics_controller appdynamics
    • Published: Mar. 06, 2024
    • Modified: Aug. 26, 2025

  • 5.5

    MEDIUM
    CVE-2024-20332

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to ... Read more

    Affected Products : identity_services_engine
    • Published: Apr. 03, 2024
    • Modified: Aug. 26, 2025

  • 7.4

    HIGH
    CVE-2024-20312

    A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. Thi... Read more

    Affected Products : ios_xe ios
    • Published: Mar. 27, 2024
    • Modified: Aug. 26, 2025

  • 7.1

    HIGH
    CVE-2024-1714

    An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.... Read more

    Affected Products : identityiq
    • Published: Feb. 21, 2024
    • Modified: Aug. 26, 2025

  • 5.3

    MEDIUM
    CVE-2024-1587

    The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and p... Read more

    Affected Products : newsmatic
    • Published: Apr. 09, 2024
    • Modified: Aug. 26, 2025

  • 9.0

    HIGH
    CVE-2024-13129

    A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command i... Read more

    Affected Products :
    • Published: Jan. 03, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-12569

    Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Aug. 26, 2025

  • 8.8

    HIGH
    CVE-2025-26467

    Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting d... Read more

    Affected Products : cassandra
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-46411

    A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-48005

    A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a mal... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-52461

    An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trig... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-29420

    PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.... Read more

    Affected Products : perfreeblog
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-29421

    PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.... Read more

    Affected Products : perfreeblog
    • Published: Aug. 25, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-7715

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS).This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1.... Read more

    Affected Products : block_attributes
    • Published: Jul. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-7716

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS).This issue affects Real-time SEO for Drupal: from 2.0.0 before 2.2.0.... Read more

    Affected Products : real-time_seo
    • Published: Jul. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-7717

    Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1.... Read more

    Affected Products : file_download
    • Published: Jul. 21, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-6174

    When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.... Read more

    Affected Products : cloud-init
    • Published: Jun. 26, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-2337

    A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exp... Read more

    Affected Products : matio
    • Published: Mar. 16, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293298 Results