Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-54452

    Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less than 21.1080.0....

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-54451

    Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0....

    Affected Products : magicinfo_9_server
    • Published: Jul. 23, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-30065

    Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue....

    Affected Products : parquet parquet_java
    • Published: Apr. 01, 2025
    • Modified: Jul. 28, 2025
  • 7.5

    HIGH
    CVE-2025-3891

    A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consis...

    • Published: Apr. 29, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-4976

    An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses....

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-8044

    Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-8043

    Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141....

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
  • 7.1

    HIGH
    CVE-2024-1456

    An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover....

    Affected Products : h2o
    • Published: Apr. 16, 2024
    • Modified: Jul. 28, 2025
  • 8.1

    HIGH
    CVE-2025-8039

    In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1....

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025
  • 5.3

    MEDIUM
    CVE-2025-48924

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) c...

    Affected Products : commons_lang
    • Published: Jul. 11, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service
  • 4.3

    MEDIUM
    CVE-2025-1299

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorize...

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization
  • 6.8

    MEDIUM
    CVE-2025-46421

    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that iss...

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-46420

    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes....

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • 8.8

    HIGH
    CVE-2025-8135

    A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agent_id leads to SQL injection. T...

    Affected Products : insurance_management_system
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection
  • 9.0

    HIGH
    CVE-2025-8136

    A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads ...

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption
  • 7.2

    HIGH
    CVE-2024-2659

    A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. ...

    • Published: Apr. 15, 2024
    • Modified: Jul. 28, 2025
  • 3.7

    LOW
    CVE-2024-25616

    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depe...

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025
  • 5.3

    MEDIUM
    CVE-2024-25615

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected ...

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025
  • 9.1

    CRITICAL
    CVE-2024-25614

    There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditio...

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025
  • 7.2

    HIGH
    CVE-2024-25613

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ...

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025
Showing 20 of 292316 Results