Latest CVE Feed
- 4.7 MEDIUM CVE-2024-20400
  A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request paramete...
  - Published: Jul. 17, 2024
  - Modified: Jul. 31, 2025
- 7.5 HIGH CVE-2025-2258
  In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Leng...
  Affected Products: threadx_netx_duo
  - Published: Apr. 06, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-2259
  In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one pack...
  Affected Products: threadx_netx_duo
  - Published: Apr. 06, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 9.1 CRITICAL CVE-2024-10838
  An integer underflow during deserialization may allow any unauthenticated user to read out-of-bounds heap memory. This may result in secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, whi...
  Affected Products: cyclone_data_distribution_service
  - Published: Mar. 12, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Memory Corruption
- 7.5 HIGH CVE-2025-0728
  In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller tha...
  Affected Products: threadx_netx_duo
  - Published: Feb. 21, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-0727
  In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one pack...
  Affected Products: threadx_netx_duo
  - Published: Feb. 21, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-0726
  In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 ...
  Affected Products: threadx_netx_duo
  - Published: Feb. 21, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-2260
  In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 ...
  Affected Products: threadx_netx_duo
  - Published: Apr. 06, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 7.2 HIGH CVE-2024-13009
  In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests....
  Affected Products: jetty
  - Published: May. 08, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Memory Corruption
- 7.5 HIGH CVE-2025-1948
  In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to alloca...
  Affected Products: jetty
  - Published: May. 08, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 7.5 HIGH CVE-2024-39753
  A modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system...
  Affected Products: apex_one
  - Published: Oct. 22, 2024
  - Modified: Jul. 31, 2025
- 9.8 CRITICAL CVE-2024-48904
  A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability....
  Affected Products: cloud_edge
  - Published: Oct. 22, 2024
  - Modified: Jul. 31, 2025
- 7.1 HIGH CVE-2025-5791
  A flaw was found in the users crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list....
  Affected Products:
  - Published: Jun. 06, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Authorization
- 7.8 HIGH CVE-2024-41183
  Trend Micro VPN, version 5.8.1012 and below, is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges....
  Affected Products: vpn
  - Published: Oct. 22, 2024
  - Modified: Jul. 31, 2025
- 9.8 CRITICAL CVE-2025-4447
  In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8, a stack-based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts....
  Affected Products: openj9
  - Published: May. 09, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Memory Corruption
- 7.6 HIGH CVE-2025-6705
  A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token....
  Affected Products: open_vsx
  - Published: Jun. 27, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Misconfiguration
- 7.5 HIGH CVE-2024-12704
  A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen m...
  Affected Products: llamaindex
  - Published: Mar. 20, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Denial of Service
- 9.8 CRITICAL CVE-2025-1750
  An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on t...
  Affected Products: llamaindex
  - Published: Jun. 02, 2025
  - Modified: Jul. 31, 2025
  - Vuln Type: Injection
- 6.5 MEDIUM CVE-2024-20396
  A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handler...
  Affected Products: webex_teams
  - Published: Jul. 17, 2024
  - Modified: Jul. 31, 2025
- 7.8 HIGH CVE-2024-48903
  An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t...
  - Published: Oct. 22, 2024
  - Modified: Jul. 31, 2025