Latest CVE Feed
-
9.8
CRITICAL CVE-2025-25565
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command...
Affected Products : vpn
- Published: Mar. 12, 2025
- Modified: Jul. 19, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGH CVE-2025-20209
A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is du...
- Published: Mar. 12, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
-
6.7
MEDIUM CVE-2025-20177
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker m...
- Published: Mar. 12, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
8.6
HIGH CVE-2025-20146
A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remo...
- Published: Mar. 12, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
-
5.8
MEDIUM CVE-2025-20145
A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incor...
- Published: Mar. 12, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Authorization
-
5.8
MEDIUM CVE-2025-20144
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a sp...
Affected Products : ios_xr ncs_5501-se ncs_5502-se ncs_5508 ncs_5516 ncs_5501 ncs_5502 ncs_540-12z20g-sys-a ncs_540-12z20g-sys-d ncs_540-24z8q2c-sys +29 more products
- Published: Mar. 12, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Authorization
-
6.7
MEDIUM CVE-2025-20143
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the a...
Affected Products : ios_xr
- Published: Mar. 12, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Authentication
-
8.6
HIGH CVE-2025-20142
A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High...
- Published: Mar. 12, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Denial of Service
-
7.4
HIGH CVE-2025-20141
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple C...
Affected Products : ios_xr ncs_5501-se ncs_5502-se ncs_5504 ncs_5508 ncs_5516 ncs_5501 ncs_5502 ncs_540-12z20g-sys-a ncs_540-12z20g-sys-d +37 more products
- Published: Mar. 12, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
8.8
HIGH CVE-2025-20138
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of use...
Affected Products : ios_xr
- Published: Mar. 12, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Authentication
-
8.6
HIGH CVE-2025-20115
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corr...
Affected Products : ios_xr
- Published: Mar. 12, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Memory Corruption
-
5.2
MEDIUM CVE-2025-1984
Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access....
Affected Products :
- Published: Mar. 12, 2025
- Modified: Mar. 14, 2025
- Vuln Type: Authorization
-
9.8
CRITICAL CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not...
Affected Products :
- Published: Mar. 12, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Authentication
-
7.8
HIGH CVE-2025-1683
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links....
Affected Products :
- Published: Mar. 12, 2025
- Modified: May. 15, 2025
- Vuln Type: Path Traversal
-
7.3
HIGH CVE-2025-0884
Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72....
Affected Products :
- Published: Mar. 12, 2025
- Modified: Mar. 12, 2025
- Vuln Type: Misconfiguration
-
2.1
LOW CVE-2025-0883
Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager. The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80....
Affected Products :
- Published: Mar. 12, 2025
- Modified: Mar. 12, 2025
- Vuln Type: Information Disclosure
-
7.0
HIGH CVE-2025-0813
CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal ...
Affected Products :
- Published: Mar. 12, 2025
- Modified: Mar. 12, 2025
- Vuln Type: Authentication
-
7.5
HIGH CVE-2025-2240
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial o...
Affected Products :
- Published: Mar. 12, 2025
- Modified: May. 21, 2025
- Vuln Type: Denial of Service
-
4.8
MEDIUM CVE-2025-29891
Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3....
Affected Products : camel
- Published: Mar. 12, 2025
- Modified: Apr. 02, 2025
- Vuln Type: Injection
-
5.4
MEDIUM CVE-2025-27915
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail mess...
Affected Products : collaboration
- Published: Mar. 12, 2025
- Modified: Apr. 02, 2025
- Vuln Type: Cross-Site Scripting