Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-46421

    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that iss... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-46420

    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-8135

    A vulnerability, which was classified as critical, has been found in itsourcecode Insurance Management System 1.0. This issue affects some unknown processing of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. T... Read more

    Affected Products : insurance_management_system
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-8136

    A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads ... Read more

    Affected Products : a702r_firmware a702r
    • Published: Jul. 25, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2024-2659

    A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. ... Read more

    • Published: Apr. 15, 2024
    • Modified: Jul. 28, 2025

  • 3.7

    LOW
    CVE-2024-25616

    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depe... Read more

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 5.3

    MEDIUM
    CVE-2024-25615

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-25614

    There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditio... Read more

    Affected Products : arubaos
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 7.2

    HIGH
    CVE-2024-25613

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 7.2

    HIGH
    CVE-2024-25612

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 7.2

    HIGH
    CVE-2024-25611

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 5.9

    MEDIUM
    CVE-2024-33513

    Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. ... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33514

    Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. ... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33515

    Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. ... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33516

    An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controll... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.5

    HIGH
    CVE-2024-33517

    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected s... Read more

    Affected Products : arubaos
    • Published: May. 01, 2024
    • Modified: Jul. 28, 2025

  • 7.2

    HIGH
    CVE-2024-1356

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan sd-wan
    • Published: Mar. 05, 2024
    • Modified: Jul. 28, 2025

  • 6.1

    MEDIUM
    CVE-2022-25869

    All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation o... Read more

    Affected Products : angular angular
    • Published: Jul. 15, 2022
    • Modified: Jul. 28, 2025

  • 7.8

    HIGH
    CVE-2025-3931

    A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses auth... Read more

    • Published: May. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-45467

    Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293280 Results