Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2025-20115

    A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corr... Read more

    Affected Products : ios_xr
    • Published: Mar. 12, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 5.2

    MEDIUM
    CVE-2025-1984

    Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-1960

    CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-1683

    Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-0884

    Unquoted Search Path or Element vulnerability in OpenText™ Service Manager.  The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2025-0883

    Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager.  The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Information Disclosure

  • 7.0

    HIGH
    CVE-2025-0813

    CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal ... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-2240

    A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial o... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-29891

    Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.... Read more

    Affected Products : camel
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-27915

    An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail mess... Read more

    Affected Products : collaboration
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-27914

    An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's ses... Read more

    Affected Products : collaboration
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-22954

    GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.... Read more

    Affected Products : koha
    • Published: Mar. 12, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-27763

    XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2025-27794

    Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.h... Read more

    Affected Products : flarum
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-27788

    JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fi... Read more

    Affected Products : json javascript_object_notation
    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25709

    An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2025-21590

    An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arb... Read more

    Affected Products : junos
    • Actively Exploited
    • Published: Mar. 12, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-52362

    IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service... Read more

    • Published: Mar. 12, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-29904

    In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible... Read more

    Affected Products : ktor
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2025-29903

    In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293309 Results