Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2024-11003

    Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modu...

    Affected Products : needrestart
    • Published: Nov. 19, 2024
    • Modified: Jul. 03, 2025
  • 6.5

    MEDIUM
    CVE-2025-6431

    When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in externa...

    Affected Products : android firefox
    • Published: Jun. 24, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authorization
  • 5.7

    MEDIUM
    CVE-2024-30154

    HCL SX is vulnerable to a cross-site request forgery vulnerability which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts....

    Affected Products : hcl_sx
    • Published: Mar. 03, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 7.5

    HIGH
    CVE-2025-26634

    Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network....

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Memory Corruption
  • 7.7

    HIGH
    CVE-2025-20170

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r...

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 7.7

    HIGH
    CVE-2025-20171

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r...

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 7.7

    HIGH
    CVE-2025-20172

    A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error hand...

    Affected Products : ios_xe ios ios_xr
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 7.7

    HIGH
    CVE-2025-20173

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r...

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 7.7

    HIGH
    CVE-2025-20174

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r...

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 7.7

    HIGH
    CVE-2025-20175

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r...

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 7.7

    HIGH
    CVE-2025-20176

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r...

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service
  • 2.7

    LOW
    CVE-2024-29852

    Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs....

    Affected Products : veeam_backup_&_replication
    • Published: May. 22, 2024
    • Modified: Jul. 03, 2025
  • 7.8

    HIGH
    CVE-2024-29853

    An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation....

    • Published: May. 22, 2024
    • Modified: Jul. 03, 2025
  • 10.0

    CRITICAL
    CVE-2025-20309

    A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root accoun...

    Affected Products : unified_communications_manager
    • Published: Jul. 02, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 5.3

    MEDIUM
    CVE-2024-23944

    Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. Z...

    Affected Products : zookeeper
    • Published: Mar. 15, 2024
    • Modified: Jul. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-39851

    webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be u...

    Affected Products : webchess
    • Published: Aug. 15, 2023
    • Modified: Jul. 03, 2025
  • 5.3

    MEDIUM
    CVE-2025-6951

    A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default credentials. Access to the local network is required for thi...

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2025-34053

    An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoi...

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-6934

    The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of ...

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication
  • 6.9

    MEDIUM
    CVE-2025-34051

    A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str p...

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 293631 Results