Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-1456

    An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.... Read more

    Affected Products : h2o
    • Published: Apr. 16, 2024
    • Modified: Jul. 28, 2025

  • 8.1

    HIGH
    CVE-2025-8039

    In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 22, 2025
    • Modified: Jul. 28, 2025

  • 5.3

    MEDIUM
    CVE-2025-48924

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) c... Read more

    Affected Products : commons_lang
    • Published: Jul. 11, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-1299

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorize... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-46421

    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that iss... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-46420

    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-8135

    A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. T... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-8136

    A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-2659

    A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. ... Read more

    • Published: Apr. 15, 2024
    • Modified: Jul. 28, 2025

  • 3.7

    LOW
    CVE-2024-25616

    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depe... Read more

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 5.3

    MEDIUM
    CVE-2024-25615

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-25614

    There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditio... Read more

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 7.2

    HIGH
    CVE-2024-25613

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 7.2

    HIGH
    CVE-2024-25612

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 7.2

    HIGH
    CVE-2024-25611

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 5.9

    MEDIUM
    CVE-2024-33513

    Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. ... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33514

    Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. ... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33515

    Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. ... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33516

    An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controll... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33517

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected s... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025
Showing 20 of 292768 Results