Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2025-20216

    A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper saniti... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.9

    HIGH
    CVE-2024-52880

    An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 0... Read more

    Affected Products : kernel
    • Published: May. 15, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-4600

    A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue ... Read more

    Affected Products : application_load_balancer
    • Published: May. 16, 2025
    • Modified: Jul. 29, 2025

  • 10.0

    CRITICAL
    CVE-2025-20337

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vuln... Read more

    • Actively Exploited
    • Published: Jul. 16, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-8139

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type lea... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-8138

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of th... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-8137

    A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-8140

    A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2024-29980

    Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Ma... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jul. 28, 2025

  • 4.6

    MEDIUM
    CVE-2024-29979

    Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Ma... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-1598

    Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.... Read more

    • Published: May. 14, 2024
    • Modified: Jul. 28, 2025

  • 3.3

    LOW
    CVE-2024-12533

    Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 be... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-0762

    Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake... Read more

    • Published: May. 14, 2024
    • Modified: Jul. 28, 2025

  • 7.8

    HIGH
    CVE-2023-5058

    Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.... Read more

    Affected Products : securecore_technology
    • EPSS Score: %0.05
    • Published: Dec. 07, 2023
    • Modified: Jul. 28, 2025

  • 7.8

    HIGH
    CVE-2023-35841

    Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Jul. 28, 2025

  • 8.4

    HIGH
    CVE-2023-31100

    Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from ... Read more

    Affected Products : securecore_technology
    • EPSS Score: %0.05
    • Published: Nov. 15, 2023
    • Modified: Jul. 28, 2025

  • 9.0

    HIGH
    CVE-2014-9193

    Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.... Read more

    Affected Products : mguard_firmware
    • EPSS Score: %0.47
    • Published: Dec. 20, 2014
    • Modified: Jul. 28, 2025

  • 7.8

    HIGH
    CVE-2025-7242

    IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to... Read more

    Affected Products : irfanview cadimage
    • Published: Jul. 21, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7243

    IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to ... Read more

    Affected Products : irfanview cadimage
    • Published: Jul. 21, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-7244

    IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to ... Read more

    Affected Products : irfanview cadimage
    • Published: Jul. 21, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292316 Results