Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-5514

    Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and preve... Read more

    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-49845

    Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`... Read more

    Affected Products : discourse
    • Published: Jun. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-48062

    Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in t... Read more

    Affected Products : discourse
    • Published: Jun. 09, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-48954

    Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the... Read more

    Affected Products : discourse
    • Published: Jun. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-8023

    Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path com... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2024-38864

    Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data.... Read more

    Affected Products : checkmk windows checkmk
    • Published: Dec. 19, 2024
    • Modified: Aug. 25, 2025

  • 7.4

    HIGH
    CVE-2024-6572

    Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic... Read more

    Affected Products : checkmk checkmk
    • Published: Sep. 09, 2024
    • Modified: Aug. 25, 2025

  • 6.3

    MEDIUM
    CVE-2025-3506

    Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.... Read more

    Affected Products : checkmk checkmk
    • Published: May. 08, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-20306

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating sys... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-20148

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due t... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-20218

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insuff... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-1050

    Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The s... Read more

    Affected Products : s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-20235

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnera... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-1049

    Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. ... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-20302

    A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization ... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-20301

    A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization che... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-1048

    Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit... Read more

    Affected Products : s1 s2 era_300_firmware era_300
    • Published: Apr. 23, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2025-20127

    A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow a... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-46849

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-46852

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293353 Results