Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-51503

    A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.... Read more

    Affected Products : microweber cockpit
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-34327

    Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.... Read more

    Affected Products : anyware
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-24497

    When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 7.6

    HIGH
    CVE-2025-52203

    A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious Jav... Read more

    Affected Products : project_management
    • Published: Jul. 31, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-52187

    GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php.... Read more

    Affected Products : create_school_management_system
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8454

    It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is... Read more

    Affected Products : devscripts
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-51954

    playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : ai_playground
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-4674

    The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contai... Read more

    Affected Products : go
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-43276

    A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025

  • 8.7

    HIGH
    CVE-2012-10034

    ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outsi... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2012-10033

    Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This functi... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2012-10029

    Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execut... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2024-28883

    An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Supp... Read more

    • Published: May. 08, 2024
    • Modified: Aug. 06, 2025

  • 3.9

    LOW
    CVE-2015-0849

    pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.... Read more

    Affected Products : pycode-browser
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2015-0843

    yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2015-0842

    yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-20120

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user ... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-20374

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute ar... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 06, 2025

  • 4.3

    MEDIUM
    CVE-2021-34750

    A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege c... Read more

    • Published: Nov. 15, 2024
    • Modified: Aug. 06, 2025

  • 8.6

    HIGH
    CVE-2024-20330

    A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cau... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 06, 2025
Showing 20 of 291368 Results