Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-1226

    A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The expl... Read more

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-0113

    A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-0111

    An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You ca... Read more

    Affected Products : pan-os
    • Actively Exploited
    • Published: Feb. 12, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-0110

    A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary comma... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-0109

    An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes li... Read more

    Affected Products : pan-os
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-0108

    An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke ce... Read more

    Affected Products : pan-os
    • Actively Exploited
    • Published: Feb. 12, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2024-12673

    An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these ... Read more

    Affected Products : vantage
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-1225

    A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipul... Read more

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity

  • 8.8

    HIGH
    CVE-2025-1224

    A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated re... Read more

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-25343

    Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Feb. 12, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-25283

    parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms p... Read more

    Affected Products : parse_duration
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-25205

    Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attacker... Read more

    Affected Products : audiobookshelf
    • Published: Feb. 12, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2025-25201

    Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the i... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-1216

    A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql inje... Read more

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-1215

    A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local ... Read more

    Affected Products : vim bootstrap_os
    • Published: Feb. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-1146

    CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Con... Read more

    Affected Products : falcon
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-0937

    Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.... Read more

    Affected Products : nomad
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-25741

    D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module.... Read more

    Affected Products : dir-853_firmware dir-853
    • Published: Feb. 12, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2025-25200

    Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry ... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-25199

    go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commi... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291717 Results