Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-8537

    A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resou... Read more

    Affected Products : bento4
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-54870

    VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-54795

    Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-20151

    A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the dev... Read more

    Affected Products : ios_xe_sd-wan
    • Published: May. 07, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-53541

    Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some ... Read more

    Affected Products : tuleap
    • Published: Jul. 29, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-45657

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.... Read more

    • Published: Feb. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-20137

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulner... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2022-20846

    A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is... Read more

    Affected Products : ios_xr
    • Published: Nov. 15, 2024
    • Modified: Aug. 05, 2025

  • 7.5

    HIGH
    CVE-2024-43187

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.... Read more

    • Published: Feb. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cryptography

  • 3.5

    LOW
    CVE-2025-49462

    Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.... Read more

    Affected Products : zoom
    • Published: Jul. 10, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-40700

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... Read more

    • Published: Feb. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49463

    Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.... Read more

    Affected Products : zoom
    • Published: Jul. 10, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2024-45659

    IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the syste... Read more

    • Published: Feb. 04, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-49464

    Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.... Read more

    Affected Products : zoom
    • Published: Jul. 10, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2024-39826

    Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.... Read more

    • Published: Jul. 15, 2024
    • Modified: Aug. 05, 2025

  • 6.5

    MEDIUM
    CVE-2025-30665

    NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.... Read more

    • Published: May. 14, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2024-39827

    Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access.... Read more

    Affected Products : workplace_desktop
    • Published: Jul. 15, 2024
    • Modified: Aug. 05, 2025

  • 6.5

    MEDIUM
    CVE-2025-30666

    NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.... Read more

    • Published: May. 14, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-46788

    Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.... Read more

    Affected Products : workplace_desktop
    • Published: Jul. 10, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2024-27238

    Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.... Read more

    • Published: Jul. 15, 2024
    • Modified: Aug. 05, 2025
Showing 20 of 291401 Results