Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-52187

    GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php.... Read more

    Affected Products : create_school_management_system
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8454

    It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is... Read more

    Affected Products : devscripts
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-51954

    playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : ai_playground
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-4674

    The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contai... Read more

    Affected Products : go
    • Published: Jul. 29, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-43276

    A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.... Read more

    Affected Products : macos
    • Published: Jul. 30, 2025
    • Modified: Aug. 06, 2025

  • 8.7

    HIGH
    CVE-2012-10034

    ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outsi... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2012-10033

    Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This functi... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2012-10029

    Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execut... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 7.4

    HIGH
    CVE-2024-28883

    An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Supp... Read more

    • Published: May. 08, 2024
    • Modified: Aug. 06, 2025

  • 3.9

    LOW
    CVE-2015-0849

    pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.... Read more

    Affected Products : pycode-browser
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025

  • 9.8

    CRITICAL
    CVE-2015-0843

    yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2015-0842

    yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.... Read more

    Affected Products : yubiserver
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-20120

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user ... Read more

    • Published: Apr. 02, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-20374

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute ar... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 06, 2025

  • 4.3

    MEDIUM
    CVE-2021-34750

    A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege c... Read more

    • Published: Nov. 15, 2024
    • Modified: Aug. 06, 2025

  • 8.6

    HIGH
    CVE-2024-20330

    A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cau... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 06, 2025

  • 4.8

    MEDIUM
    CVE-2025-8586

    A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It ... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-8585

    A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is... Read more

    Affected Products :
    • Published: Aug. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2013-10063

    A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting travers... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2013-10061

    An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neu... Read more

    Affected Products :
    • Published: Aug. 01, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection
Showing 20 of 291638 Results