Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-26478

    Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.... Read more

    Affected Products : elastic_cloud_storage objectscale
    • Published: Apr. 17, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-20323

    A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This ... Read more

    Affected Products : inode_manager inode
    • Published: Jul. 17, 2024
    • Modified: Aug. 01, 2025

  • 9.8

    CRITICAL
    CVE-2024-6576

    Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3.... Read more

    Affected Products : moveit_transfer
    • Published: Jul. 29, 2024
    • Modified: Aug. 01, 2025

  • 8.6

    HIGH
    CVE-2024-20375

    A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial... Read more

    Affected Products : unified_communications_manager
    • Published: Aug. 21, 2024
    • Modified: Aug. 01, 2025

  • 7.5

    HIGH
    CVE-2024-41344

    A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges.... Read more

    Affected Products : codeigniter
    • Published: Oct. 15, 2024
    • Modified: Aug. 01, 2025

  • 5.4

    MEDIUM
    CVE-2020-26067

    A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulne... Read more

    Affected Products : webex_teams
    • Published: Nov. 18, 2024
    • Modified: Aug. 01, 2025

  • 7.5

    HIGH
    CVE-2024-55885

    beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version... Read more

    Affected Products : beego
    • Published: Dec. 12, 2024
    • Modified: Aug. 01, 2025

  • 7.2

    HIGH
    CVE-2024-56137

    MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the... Read more

    Affected Products : maxkb
    • Published: Jan. 02, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 9.4

    CRITICAL
    CVE-2024-56320

    GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authe... Read more

    Affected Products : gocd
    • Published: Jan. 03, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-8182

    A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be in... Read more

    Affected Products : ac18_firmware ac18
    • Published: Jul. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-54583

    GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skip... Read more

    Affected Products : gitproxy
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2025-54584

    GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embed... Read more

    Affected Products : gitproxy
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-54585

    GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnera... Read more

    Affected Products : gitproxy
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2024-56321

    GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's... Read more

    Affected Products : gocd
    • Published: Jan. 03, 2025
    • Modified: Aug. 01, 2025

  • 7.1

    HIGH
    CVE-2025-54586

    GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” com... Read more

    Affected Products : gitproxy
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    HIGH
    CVE-2025-8017

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-bas... Read more

    Affected Products : ac7_firmware ac7
    • Published: Jul. 22, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-8060

    A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to... Read more

    Affected Products : ac23_firmware ac23
    • Published: Jul. 23, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-8178

    A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to laun... Read more

    Affected Products : ac10_firmware ac10
    • Published: Jul. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-51385

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-51384

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291275 Results