Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-53397

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially l... Read more

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-24013

    CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers with Header class. This could disrupt application functi... Read more

    Affected Products : codeigniter
    • Published: Jan. 20, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-53509

    A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a comman... Read more

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-6213

    The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppp_preload_cache_on_update' function. This is due to insufficient sanitization of the $_SERVER['HTTP_REFERERER... Read more

    Affected Products :
    • Published: Jul. 22, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-1634

    A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application cr... Read more

    Affected Products :
    • Published: Feb. 26, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-53515

    A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not ... Read more

    Affected Products : iview
    • Published: Jul. 11, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-30671

    Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-30670

    Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-27443

    Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.... Read more

    • Published: Apr. 08, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-30223

    Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows atta... Read more

    Affected Products : beego
    • Published: Mar. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-25291

    ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2023-20060

    A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because th... Read more

    Affected Products : prime_collaboration_deployment
    • Published: Nov. 15, 2024
    • Modified: Aug. 01, 2025

  • 6.1

    MEDIUM
    CVE-2024-20310

    A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the ... Read more

    • Published: Apr. 03, 2024
    • Modified: Aug. 01, 2025

  • 8.6

    HIGH
    CVE-2025-20146

    A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remo... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2020-27124

    A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulne... Read more

    • Published: Nov. 18, 2024
    • Modified: Aug. 01, 2025

  • 7.5

    HIGH
    CVE-2025-53712

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Jul. 29, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-53713

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result i... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Jul. 29, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-53714

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and res... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Jul. 29, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-53715

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result ... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Jul. 29, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2024-20494

    A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulti... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 01, 2025
Showing 20 of 291368 Results