Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-20184

    Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.12
    • Published: May. 18, 2023
    • Modified: Jul. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-20183

    Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.15
    • Published: May. 18, 2023
    • Modified: Jul. 23, 2025

  • 8.8

    HIGH
    CVE-2023-20055

    A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure ... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.77
    • Published: Mar. 23, 2023
    • Modified: Jul. 23, 2025

  • 7.6

    HIGH
    CVE-2025-53528

    Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. This XSS would notably a... Read more

    Affected Products :
    • Published: Jul. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-47268

    ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.... Read more

    Affected Products : iputils iputils
    • Published: May. 05, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-29480

    Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.... Read more

    Affected Products : gdal
    • Published: Apr. 07, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 2.3

    LOW
    CVE-2024-23591

    ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel... Read more

    • Published: Feb. 16, 2024
    • Modified: Jul. 23, 2025

  • 7.5

    HIGH
    CVE-2024-20380

    A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker... Read more

    Affected Products : clamav
    • Published: Apr. 18, 2024
    • Modified: Jul. 23, 2025

  • 8.8

    HIGH
    CVE-2024-52961

    An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permissi... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 3.3

    LOW
    CVE-2024-5899

    When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls Project... Read more

    • Published: Jun. 18, 2024
    • Modified: Jul. 23, 2025

  • 4.7

    MEDIUM
    CVE-2025-20223

    A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insuffici... Read more

    Affected Products : dna_center catalyst_center
    • Published: May. 07, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-20333

    A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to in... Read more

    Affected Products : dna_center catalyst_center
    • Published: Mar. 27, 2024
    • Modified: Jul. 23, 2025

  • 5.3

    MEDIUM
    CVE-2024-20328

    A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit ... Read more

    Affected Products : clamav
    • Published: Mar. 01, 2024
    • Modified: Jul. 23, 2025

  • 6.7

    MEDIUM
    CVE-2025-20308

    A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the ex... Read more

    Affected Products : dna_spaces\ spaces_connector
    • Published: Jul. 02, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2024-7401

    Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use ... Read more

    Affected Products : netskope
    • Published: Aug. 26, 2024
    • Modified: Jul. 23, 2025

  • 9.8

    CRITICAL
    CVE-2025-41663

    For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. To get into such a position, clients would n... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-41661

    An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection.... Read more

    Affected Products :
    • Published: Jun. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-3549

    A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. T... Read more

    Affected Products : assimp
    • Published: Apr. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-3548

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to... Read more

    Affected Products : assimp
    • Published: Apr. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-3196

    A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. Th... Read more

    Affected Products : assimp
    • Published: Apr. 04, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291593 Results