Latest CVE Feed
- 5.5 MEDIUM CVE-2025-27443
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access....
- Published: Apr. 08, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Misconfiguration
- 9.6 CRITICAL CVE-2025-30223
Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows atta...
- Affected Products: beego
- Published: Mar. 31, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Cross-Site Scripting
- 9.8 CRITICAL CVE-2025-25291
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ...
- Published: Mar. 12, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Authentication
- 6.1 MEDIUM CVE-2023-20060
A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because th...
- Affected Products: prime_collaboration_deployment
- Published: Nov. 15, 2024
- Modified: Aug. 01, 2025
- 6.1 MEDIUM CVE-2024-20310
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the ...
- Published: Apr. 03, 2024
- Modified: Aug. 01, 2025
- 8.6 HIGH CVE-2025-20146
A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remo...
- Published: Mar. 12, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 8.6 HIGH CVE-2020-27124
A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulne...
- Affected Products: adaptive_security_appliance_software
- Published: Nov. 18, 2024
- Modified: Aug. 01, 2025
- 7.5 HIGH CVE-2025-53712
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in...
- Published: Jul. 29, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-53713
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result i...
- Published: Jul. 29, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-53714
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and res...
- Published: Jul. 29, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-53715
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result ...
- Published: Jul. 29, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 8.6 HIGH CVE-2024-20494
A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulti...
- Published: Oct. 23, 2024
- Modified: Aug. 01, 2025
- 7.5 HIGH CVE-2025-53711
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a ...
- Published: Jul. 29, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 8.6 HIGH CVE-2025-20142
A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High...
- Published: Mar. 12, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 6.5 MEDIUM CVE-2024-52601
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, a...
- Affected Products: itop
- Published: May. 14, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Authorization
- 6.3 MEDIUM CVE-2024-56157
iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As ...
- Affected Products: itop
- Published: May. 14, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Cross-Site Scripting
- 8.5 HIGH CVE-2025-24022
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1....
- Affected Products: itop
- Published: May. 14, 2025
- Modified: Aug. 01, 2025
- 5.3 MEDIUM CVE-2025-24026
iTop is a web-based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular ...
- Affected Products: itop
- Published: May. 14, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
- 4.3 MEDIUM CVE-2025-24785
iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking...
- Affected Products: itop
- Published: May. 14, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Misconfiguration
- 5.3 MEDIUM CVE-2025-20325
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en...
- Published: Jul. 07, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Information Disclosure