Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.9

    LOW
    CVE-2015-0849

    pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.... Read more

    Affected Products : pycode-browser
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2015-0843

    yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2015-0842

    yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-20120

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user ... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-20374

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute ar... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 06, 2025

  • 4.3

    MEDIUM
    CVE-2021-34750

    A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege c... Read more

    • Published: Nov. 15, 2024
    • Modified: Aug. 06, 2025

  • 8.6

    HIGH
    CVE-2024-20330

    A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cau... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 06, 2025

  • 4.8

    MEDIUM
    CVE-2025-8586

    A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-8585

    A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2013-10063

    A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting travers... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2013-10061

    An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neu... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2013-10060

    An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via craft... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2013-10057

    A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec c... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2013-10049

    An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize u... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2013-10044

    An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file u... Read more

    Affected Products : openemr
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2024-47139

    A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user.   Note: Software v... Read more

    Affected Products : big-iq_centralized_management
    • Published: Oct. 16, 2024
    • Modified: Aug. 06, 2025

  • 4.4

    MEDIUM
    CVE-2024-28132

    Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not e... Read more

    • Published: May. 08, 2024
    • Modified: Aug. 06, 2025

  • 7.8

    HIGH
    CVE-2024-2955

    T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : fedora wireshark
    • Published: Mar. 26, 2024
    • Modified: Aug. 06, 2025

  • 7.5

    HIGH
    CVE-2025-7962

    In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.... Read more

    Affected Products : jakarta_mail
    • Published: Jul. 21, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-24562

    vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised t... Read more

    Affected Products : vantage6-ui
    • Published: Mar. 14, 2024
    • Modified: Aug. 06, 2025
Showing 20 of 291570 Results