Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-1491

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file ... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 6.5

    MEDIUM
    CVE-2021-1484

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper inpu... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 6.4

    MEDIUM
    CVE-2021-1483

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML Ext... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 6.4

    MEDIUM
    CVE-2021-1482

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability ... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 4.3

    MEDIUM
    CVE-2021-1481

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient ... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 6.1

    MEDIUM
    CVE-2024-34074

    Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepts redirect argument and it allowed redirect to untrusted external URls. This behaviour can be used by malicious actors for phishing. This vulnerability is... Read more

    Affected Products : frappe
    • Published: May. 14, 2024
    • Modified: Aug. 04, 2025

  • 5.4

    MEDIUM
    CVE-2021-1466

    A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 5.3

    MEDIUM
    CVE-2024-4067

    The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payloa... Read more

    Affected Products : micromatch
    • Published: May. 14, 2024
    • Modified: Aug. 04, 2025

  • 5.0

    MEDIUM
    CVE-2021-1464

    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the ... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025

  • 4.3

    MEDIUM
    CVE-2021-1465

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerabili... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 6.7

    MEDIUM
    CVE-2021-1462

    A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an af... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2020-26074

    A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path ... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 7.5

    HIGH
    CVE-2020-26073

    A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal charac... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 6.5

    MEDIUM
    CVE-2025-20187

    A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper valid... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-20213

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attack... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-4068

    The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, whic... Read more

    Affected Products : braces braces
    • Published: May. 14, 2024
    • Modified: Aug. 04, 2025

  • 7.4

    HIGH
    CVE-2024-25079

    A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.... Read more

    Affected Products : insydeh2o
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-20394

    A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An a... Read more

    Affected Products : appdynamics_controller appdynamics
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-33625

    CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 6.5

    MEDIUM
    CVE-2020-26066

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML Exte... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025
Showing 20 of 291275 Results