Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-20181

    A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute pe... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.0

    HIGH
    CVE-2025-20298

    In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by d... Read more

    Affected Products : windows universal_forwarder
    • Published: Jun. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-52997

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication proce... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-52996

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in po... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-52901

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as... Read more

    Affected Products : filebrowser
    • Published: Jun. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2025-32711

    Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.... Read more

    Affected Products : 365_copilot
    • Published: Jun. 11, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-38002

    IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.... Read more

    Affected Products : storage_scale
    • Published: Apr. 30, 2024
    • Modified: Aug. 04, 2025

  • 6.7

    MEDIUM
    CVE-2024-20456

    A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, ... Read more

    Affected Products : ios_xr 8201 8202 8101-32fh 8102-64h 8201-32fh 8804 8808 8812 8818 +49 more products
    • Published: Jul. 10, 2024
    • Modified: Aug. 04, 2025

  • 6.9

    MEDIUM
    CVE-2025-54422

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passw... Read more

    Affected Products : sandboxie sandboxie
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-46716

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe... Read more

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-46715

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe... Read more

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 9.2

    CRITICAL
    CVE-2024-49360

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folde... Read more

    Affected Products : sandboxie sandboxie
    • Published: Nov. 29, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2025-46714

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extre... Read more

    Affected Products : sandboxie sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-46713

    Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that wou... Read more

    Affected Products : sandboxie
    • Published: May. 22, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2020-25412

    com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.... Read more

    Affected Products : gnuplot gnuplot
    • EPSS Score: %0.68
    • Published: Sep. 16, 2020
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2025-52361

    Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is execut... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2019-19144

    XML External Entity Injection vulnerability in Quantum DXi6702 2.3.0.3 (11449-53631 Build304) devices via rest/Users?action=authenticate.... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: XML External Entity

  • 6.1

    MEDIUM
    CVE-2024-20512

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface... Read more

    • Published: Oct. 16, 2024
    • Modified: Aug. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-52597

    2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allo... Read more

    Affected Products : 2fauth
    • Published: Nov. 20, 2024
    • Modified: Aug. 04, 2025

  • 8.1

    HIGH
    CVE-2025-54955

    OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT... Read more

    Affected Products : opennebula
    • Published: Aug. 03, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Race Condition
Showing 20 of 291312 Results