Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-54465

    This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-54382

    Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-52585

    When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Soft... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2025-2182

    A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A use... Read more

    Affected Products : pan-os
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2025-53859

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request t... Read more

    Affected Products : nginx_plus nginx_open_source
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-1215

    A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local ... Read more

    Affected Products : vim bootstrap_os
    • Published: Feb. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2024-20344

    A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Conso... Read more

    • Published: Feb. 29, 2024
    • Modified: Aug. 13, 2025

  • 7.4

    HIGH
    CVE-2024-20354

    A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to... Read more

    • Published: Mar. 27, 2024
    • Modified: Aug. 13, 2025

  • 4.7

    MEDIUM
    CVE-2025-55014

    The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.... Read more

    Affected Products : stardict
    • Published: Aug. 04, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-46725

    Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious c... Read more

    Affected Products : langroid
    • Published: May. 20, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-47277

    vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine. No other configurations are affect... Read more

    Affected Products : vllm
    • Published: May. 20, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-2759

    GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privilege... Read more

    Affected Products : gstreamer
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-3881

    eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authe... Read more

    Affected Products : cph2_echarge_firmware cph2_echarge
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-3882

    eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Au... Read more

    Affected Products : cph2_echarge_firmware cph2_echarge
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2023-51549

    Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulne... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 03, 2024
    • Modified: Aug. 13, 2025

  • 8.8

    HIGH
    CVE-2025-3883

    eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authenticatio... Read more

    Affected Products : cph2_echarge_firmware cph2_echarge
    • Published: May. 22, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2021-34974

    Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability ... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 07, 2024
    • Modified: Aug. 13, 2025

  • 5.5

    MEDIUM
    CVE-2021-34973

    Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 07, 2024
    • Modified: Aug. 13, 2025

  • 5.5

    MEDIUM
    CVE-2021-34972

    Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnera... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 07, 2024
    • Modified: Aug. 13, 2025

  • 7.8

    HIGH
    CVE-2021-34971

    Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to explo... Read more

    Affected Products : windows pdf_editor pdf_reader
    • Published: May. 07, 2024
    • Modified: Aug. 13, 2025
Showing 20 of 292719 Results