Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-6188

    On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do ...

    Affected Products : eos
    • Published: Aug. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2025-52450

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api - create-data-source-from-file-upload modules) allows Absolute Path Traversal. This issue affects Tableau...

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2025-3600

    In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service....

    Affected Products : telerik_ui_for_asp.net_ajax
    • Published: May. 14, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2017-20199

    A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed f...

    Affected Products : buttercup
    • Published: Aug. 16, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2025-6981

    An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. Th...

    Affected Products : enterprise_server
    • Published: Jul. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-27920

    Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configur...

    Affected Products : output_messenger
    • Actively Exploited
    • Published: May. 05, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-54068

    Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property upda...

    Affected Products : livewire
    • Published: Jul. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-6107

    Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps....

    Affected Products : metal_as_a_service
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 7.8

    HIGH
    CVE-2024-43093

    In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no a...

    Affected Products : android
    • Actively Exploited
    • Published: Nov. 13, 2024
    • Modified: Aug. 27, 2025
  • 9.8

    CRITICAL
    CVE-2025-7775

    Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ...

    • Actively Exploited
    • Published: Aug. 26, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 6.1

    MEDIUM
    CVE-2025-7392

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS). This issue affects Cookies Addons: from 1.0.0 before 1.2.4....

    Affected Products : cookies_addons
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2025-7393

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0....

    Affected Products : mail_login
    • Published: Jul. 21, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2024-52885

    The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on...

    • Published: Aug. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-5692

    The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all versions up to, and including, 3.1. This makes it possibl...

    Affected Products : lead_form_data_collection_to_crm
    • Published: Jul. 02, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-2028

    Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs...

    Affected Products : log_server
    • Published: Aug. 06, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Misconfiguration
  • 8.6

    HIGH
    CVE-2025-54878

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow v...

    Affected Products : cryptolib
    • Published: Aug. 11, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-52566

    llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior i...

    Affected Products : llama.cpp
    • Published: Jun. 24, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-49847

    llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker‐supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary‐loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cp...

    Affected Products : llama.cpp llama.cpp
    • Published: Jun. 17, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
  • 6.8

    MEDIUM
    CVE-2025-52559

    Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-sit...

    Affected Products : zulip zulip_server
    • Published: Jul. 02, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-25202

    Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy _or_ are manually revoking token...

    Affected Products : ash_authentication
    • Published: Feb. 11, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication