Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2024-13272

    Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.... Read more

    Affected Products : paragraphs_table
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-9005

    A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an atta... Read more

    Affected Products : mblog
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2022-38129

    A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.... Read more

    Affected Products : sensor_management_server
    • EPSS Score: %3.73
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 7.5

    HIGH
    CVE-2022-36923

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain... Read more

    • EPSS Score: %0.27
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 4.7

    MEDIUM
    CVE-2022-34704

    Windows Defender Credential Guard Information Disclosure Vulnerability... Read more

    • EPSS Score: %1.73
    • Published: Aug. 09, 2022
    • Modified: Aug. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-31674

    VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.... Read more

    Affected Products : vrealize_operations
    • EPSS Score: %0.36
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 7.2

    HIGH
    CVE-2022-31672

    VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.... Read more

    Affected Products : vrealize_operations
    • EPSS Score: %1.05
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-2457

    A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.... Read more

    Affected Products : process_automation_manager
    • EPSS Score: %0.21
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-2355

    The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin... Read more

    Affected Products : easy_username_updater
    • EPSS Score: %0.12
    • Published: Aug. 08, 2022
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-20361

    In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User inter... Read more

    Affected Products : android
    • EPSS Score: %0.59
    • Published: Aug. 10, 2022
    • Modified: Aug. 27, 2025

  • 5.0

    MEDIUM
    CVE-1999-0159

    Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.... Read more

    Affected Products : ios
    • EPSS Score: %0.42
    • Published: Aug. 12, 1998
    • Modified: Aug. 27, 2025

  • 5.3

    MEDIUM
    CVE-2025-57770

    The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login in... Read more

    Affected Products : zitadel
    • Published: Aug. 22, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-9397

    A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The ex... Read more

    Affected Products : vvveb
    • Published: Aug. 24, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-9407

    A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remot... Read more

    Affected Products : mblog
    • Published: Aug. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-9004

    A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The... Read more

    Affected Products : mblog
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-8992

    A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and ma... Read more

    Affected Products : mblog
    • Published: Aug. 15, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-8927

    A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction o... Read more

    Affected Products : mblog
    • Published: Aug. 13, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-53518

    An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to tr... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-53557

    A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-53853

    A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can p... Read more

    Affected Products : libbiosig
    • Published: Aug. 25, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 292212 Results