Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-20939

    A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive ... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 7.5

    HIGH
    CVE-2024-10907

    In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each ... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2024-10908

    An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credentia... Read more

    Affected Products : fastchat
    • Published: Mar. 20, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2024-20419

    A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper... Read more

    Affected Products : smart_software_manager_on-prem
    • Published: Jul. 17, 2024
    • Modified: Jul. 31, 2025

  • 7.8

    HIGH
    CVE-2025-1253

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Stack-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.... Read more

    Affected Products : connext_professional
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-1252

    Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 be... Read more

    Affected Products : connext_professional
    • Published: May. 08, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2024-52059

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext P... Read more

    Affected Products : connext_professional
    • Published: Dec. 13, 2024
    • Modified: Jul. 31, 2025

  • 4.3

    MEDIUM
    CVE-2025-20272

    A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, low-privileged, remote attacker to conduct a blind SQL injection attack. This vulnerability is du... Read more

    • Published: Jul. 16, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2025-20155

    A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2022-20632

    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based managem... Read more

    Affected Products : enterprise_chat_and_email
    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 5.3

    MEDIUM
    CVE-2022-20633

    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication resp... Read more

    Affected Products : enterprise_chat_and_email
    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2022-20631

    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based managem... Read more

    Affected Products : enterprise_chat_and_email
    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2022-20657

    A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. This vulnerability exists because t... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 6.5

    MEDIUM
    CVE-2022-20656

    A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid ... Read more

    • Published: Nov. 15, 2024
    • Modified: Jul. 31, 2025

  • 6.8

    MEDIUM
    CVE-2015-4274

    Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.... Read more

    • Published: Jul. 16, 2015
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2017-12254

    A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation... Read more

    • Published: Sep. 21, 2017
    • Modified: Jul. 31, 2025

  • 6.8

    MEDIUM
    CVE-2015-0740

    Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.... Read more

    • Published: May. 20, 2015
    • Modified: Jul. 31, 2025

  • 7.4

    HIGH
    CVE-2019-1658

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulne... Read more

    • Published: Jan. 24, 2019
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2021-1463

    A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists b... Read more

    • Published: Apr. 08, 2021
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2017-12248

    A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerabi... Read more

    • Published: Sep. 21, 2017
    • Modified: Jul. 31, 2025
Showing 20 of 292907 Results