Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-20138

    A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of use... Read more

    Affected Products : ios_xr
    • Published: Mar. 12, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-12225

    A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers pro... Read more

    Affected Products : quarkus
    • Published: May. 06, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 8.0

    HIGH
    CVE-2025-30165

    vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a `SUB` ZeroMQ socket and connect to an `XPU... Read more

    Affected Products : vllm
    • Published: May. 06, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-4374

    A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.... Read more

    Affected Products : quay
    • Published: May. 06, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-8257

    A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads ... Read more

    Affected Products : lobby
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2024-12388

    A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. T... Read more

    Affected Products : gpt_academic
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-8211

    A vulnerability was found in Roothub up to 2.6. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java. The manipulation leads to cross site ... Read more

    Affected Products : roothub
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-8256

    A vulnerability classified as critical has been found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/product.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launc... Read more

    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-8207

    A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to impr... Read more

    Affected Products : ai1
    • Published: Jul. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2024-10912

    A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sendi... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 2.4

    LOW
    CVE-2025-0895

    IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages.... Read more

    Affected Products : cognos_analytics_mobile
    • Published: Mar. 02, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2025-20119

    A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administra... Read more

    • Published: Feb. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Race Condition

  • 4.4

    MEDIUM
    CVE-2025-20118

    A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administra... Read more

    • Published: Feb. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-8254

    A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be ini... Read more

    Affected Products : courier_management_system
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-20117

    A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administ... Read more

    • Published: Feb. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-20116

    A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability i... Read more

    • Published: Feb. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-0889

    Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation ... Read more

    Affected Products : privilege_management_for_windows
    • Published: Feb. 26, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-21106

    Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system.... Read more

    Affected Products : recoverpoint_for_virtual_machines
    • Published: Feb. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-8261

    A vulnerability was found in Vaelsys 4.1.0 and classified as critical. This issue affects some unknown processing of the file /grid/vgrid_server.php of the component User Creation Handler. The manipulation leads to improper authorization. The attack may b... Read more

    Affected Products : vaelsys
    • Published: Jul. 28, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-21105

    Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action pe... Read more

    Affected Products : recoverpoint_for_virtual_machines
    • Published: Feb. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication
Showing 20 of 291773 Results