Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-20187

    A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper valid... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-20213

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attack... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2024-4068

    The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, whic... Read more

    Affected Products : braces braces
    • Published: May. 14, 2024
    • Modified: Aug. 04, 2025

  • 7.4

    HIGH
    CVE-2024-25079

    A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.... Read more

    Affected Products : insydeh2o
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 5.5

    MEDIUM
    CVE-2024-20394

    A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An a... Read more

    Affected Products : appdynamics_controller appdynamics
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-33625

    CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 6.5

    MEDIUM
    CVE-2020-26066

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML Exte... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 18, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2024-34025

    CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.... Read more

    Affected Products : powerpanel
    • Published: May. 15, 2024
    • Modified: Aug. 04, 2025

  • 7.5

    HIGH
    CVE-2024-10382

    There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java des... Read more

    Affected Products : android car androidx.car.app
    • Published: Nov. 20, 2024
    • Modified: Aug. 04, 2025

  • 7.8

    HIGH
    CVE-2025-2297

    Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile... Read more

    Affected Products : privilege_management_for_windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-6250

    Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any pr... Read more

    Affected Products : privilege_management_for_windows
    • Published: Jul. 28, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-24853

    A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki t... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-24854

    A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWi... Read more

    Affected Products : jspwiki
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-47001

    Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more

    • Published: Jul. 30, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-43712

    JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value... Read more

    Affected Products : jhipster
    • Published: Jul. 25, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-20145

    A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incor... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-20144

    A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a sp... Read more

    • Published: Mar. 12, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-46059

    langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this i... Read more

    Affected Products :
    • Published: Jul. 29, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-8220

    A vulnerability classified as critical has been found in Engeman Web up to 12.0.0.1. Affected is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of Cook... Read more

    Affected Products :
    • Published: Jul. 27, 2025
    • Modified: Aug. 03, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-13972

    A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.... Read more

    Affected Products :
    • Published: Jul. 17, 2025
    • Modified: Aug. 03, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291384 Results