Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8253

    A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate ... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025

  • 9.8

    CRITICAL
    CVE-2025-8255

    A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. The attack may b... Read more

    Affected Products : exam_form_submission
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025

  • 7.4

    HIGH
    CVE-2025-20140

    A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is du... Read more

    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025

  • 7.4

    HIGH
    CVE-2024-20303

    A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improp... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2022-20931

    A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due t... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 9.8

    CRITICAL
    CVE-2025-1550

    The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules... Read more

    Affected Products : keras
    • Published: Mar. 11, 2025
    • Modified: Jul. 31, 2025

  • 8.6

    HIGH
    CVE-2025-20154

    A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS... Read more

    Affected Products : ios_xe ios ios_xr
    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025

  • 4.7

    MEDIUM
    CVE-2024-20400

    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request paramete... Read more

    • Published: Jul. 17, 2024
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-2258

    In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Leng... Read more

    Affected Products : threadx_netx_duo
    • Published: Apr. 06, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-2259

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one pack... Read more

    Affected Products : threadx_netx_duo
    • Published: Apr. 06, 2025
    • Modified: Jul. 31, 2025

  • 9.1

    CRITICAL
    CVE-2024-10838

    An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, whi... Read more

    Affected Products : cyclone_data_distribution_service
    • Published: Mar. 12, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-0728

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller tha... Read more

    Affected Products : threadx_netx_duo
    • Published: Feb. 21, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-0727

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one pack... Read more

    Affected Products : threadx_netx_duo
    • Published: Feb. 21, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-0726

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 ... Read more

    Affected Products : threadx_netx_duo
    • Published: Feb. 21, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-2260

    In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 ... Read more

    Affected Products : threadx_netx_duo
    • Published: Apr. 06, 2025
    • Modified: Jul. 31, 2025

  • 7.2

    HIGH
    CVE-2024-13009

    In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.... Read more

    Affected Products : jetty
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2025-1948

    In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to alloca... Read more

    Affected Products : jetty
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2024-39753

    An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system... Read more

    Affected Products : apex_one
    • Published: Oct. 22, 2024
    • Modified: Jul. 31, 2025

  • 9.8

    CRITICAL
    CVE-2024-48904

    An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability.... Read more

    Affected Products : cloud_edge
    • Published: Oct. 22, 2024
    • Modified: Jul. 31, 2025

  • 7.1

    HIGH
    CVE-2025-5791

    A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jul. 31, 2025
Showing 20 of 291024 Results