Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-5399

    Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the ... Read more

    Affected Products : curl
    • Published: Jun. 07, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2025-0665

    libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.... Read more

    • Published: Feb. 05, 2025
    • Modified: Jul. 30, 2025

  • 6.2

    MEDIUM
    CVE-2025-31181

    A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025

  • 6.2

    MEDIUM
    CVE-2025-31180

    A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025

  • 6.2

    MEDIUM
    CVE-2025-31179

    A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025

  • 6.2

    MEDIUM
    CVE-2025-31178

    A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025

  • 6.2

    MEDIUM
    CVE-2025-31176

    A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.... Read more

    Affected Products : enterprise_linux gnuplot
    • Published: Mar. 27, 2025
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2024-9858

    There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" com... Read more

    Affected Products : migrate_to_containers
    • Published: Oct. 16, 2024
    • Modified: Jul. 30, 2025

  • 7.2

    HIGH
    CVE-2023-0669

    Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.... Read more

    Affected Products : goanywhere_managed_file_transfer
    • Actively Exploited
    • EPSS Score: %94.38
    • Published: Feb. 06, 2023
    • Modified: Jul. 30, 2025

  • 3.3

    LOW
    CVE-2023-26083

    Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Dri... Read more

    • Actively Exploited
    • EPSS Score: %0.36
    • Published: Apr. 06, 2023
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2023-35674

    In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • Actively Exploited
    • EPSS Score: %0.06
    • Published: Sep. 11, 2023
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-20353

    A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, result... Read more

    • Actively Exploited
    • Published: Apr. 24, 2024
    • Modified: Jul. 30, 2025

  • 6.0

    MEDIUM
    CVE-2024-20359

    A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticat... Read more

    • Actively Exploited
    • Published: Apr. 24, 2024
    • Modified: Jul. 30, 2025

  • 8.6

    HIGH
    CVE-2024-24919

    Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available... Read more

    • Actively Exploited
    • Published: May. 28, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-3273

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET ... Read more

    • Actively Exploited
    • Published: Apr. 04, 2024
    • Modified: Jul. 30, 2025

  • 10.0

    CRITICAL
    CVE-2024-51378

    getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which... Read more

    Affected Products : cyberpanel
    • Actively Exploited
    • Published: Oct. 29, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-58136

    Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.... Read more

    Affected Products : yii
    • Actively Exploited
    • Published: Apr. 10, 2025
    • Modified: Jul. 30, 2025

  • 10.0

    CRITICAL
    CVE-2025-20281

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln... Read more

    • Actively Exploited
    • Published: Jun. 25, 2025
    • Modified: Jul. 30, 2025

  • 10.0

    CRITICAL
    CVE-2025-32433

    Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH pr... Read more

    • Actively Exploited
    • Published: Apr. 16, 2025
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-34171

    Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 30, 2024
    • Modified: Jul. 30, 2025
Showing 20 of 291058 Results