Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-3273

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET ... Read more

    • Actively Exploited
    • Published: Apr. 04, 2024
    • Modified: Jul. 30, 2025

  • 10.0

    CRITICAL
    CVE-2024-51378

    getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which... Read more

    Affected Products : cyberpanel
    • Actively Exploited
    • Published: Oct. 29, 2024
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2024-58136

    Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.... Read more

    Affected Products : yii
    • Actively Exploited
    • Published: Apr. 10, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-20281

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln... Read more

    • Actively Exploited
    • Published: Jun. 25, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-32433

    Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH pr... Read more

    • Actively Exploited
    • Published: Apr. 16, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2024-34171

    Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.... Read more

    Affected Products : monitouch_v-sft
    • Published: May. 30, 2024
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2024-20389

    A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is ... Read more

    • Published: May. 16, 2024
    • Modified: Jul. 30, 2025

  • 4.4

    MEDIUM
    CVE-2025-6241

    LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts to load several DLL files which are not present in the default installation. If a user-writable directory is present in the SYSTEM PATH environment variable, the user can write a malic... Read more

    Affected Products :
    • Published: Jul. 27, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-20307

    A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability i... Read more

    • Published: Jul. 02, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2021-25297

    Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP... Read more

    Affected Products : nagios_xi
    • Actively Exploited
    • EPSS Score: %54.52
    • Published: Feb. 15, 2021
    • Modified: Jul. 30, 2025

  • 5.8

    MEDIUM
    CVE-2024-20261

    A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive fi... Read more

    Affected Products : firepower_threat_defense
    • Published: May. 22, 2024
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2021-30663

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execut... Read more

    Affected Products : macos iphone_os tvos safari ipados macos
    • Actively Exploited
    • EPSS Score: %0.28
    • Published: Sep. 08, 2021
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2021-40539

    Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.... Read more

    Affected Products : manageengine_adselfservice_plus
    • Actively Exploited
    • EPSS Score: %94.42
    • Published: Sep. 07, 2021
    • Modified: Jul. 30, 2025

  • 7.8

    HIGH
    CVE-2022-0847

    A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could u... Read more

    • Actively Exploited
    • EPSS Score: %82.65
    • Published: Mar. 10, 2022
    • Modified: Jul. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-24990

    TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.... Read more

    • Actively Exploited
    • EPSS Score: %94.40
    • Published: Feb. 07, 2023
    • Modified: Jul. 30, 2025

  • 4.8

    MEDIUM
    CVE-2025-6050

    Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before includi... Read more

    Affected Products : mezzanine
    • Published: Jun. 17, 2025
    • Modified: Jul. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2022-27926

    A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.... Read more

    Affected Products : collaboration
    • Actively Exploited
    • EPSS Score: %94.28
    • Published: Apr. 21, 2022
    • Modified: Jul. 30, 2025

  • 8.8

    HIGH
    CVE-2022-33891

    The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path ... Read more

    Affected Products : spark
    • Actively Exploited
    • EPSS Score: %93.10
    • Published: Jul. 18, 2022
    • Modified: Jul. 30, 2025

  • 9.6

    CRITICAL
    CVE-2022-3075

    Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Actively Exploited
    • EPSS Score: %2.04
    • Published: Sep. 26, 2022
    • Modified: Jul. 30, 2025

  • 5.8

    MEDIUM
    CVE-2024-20293

    A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offere... Read more

    • Published: May. 22, 2024
    • Modified: Jul. 30, 2025
Showing 20 of 291806 Results