Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-57063

    A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2024-54853

    A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspect... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-48394

    A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2020-36084

    SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field.... Read more

    Affected Products : responsive_e-learning_system
    • Published: Feb. 05, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-24805

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materia... Read more

    Affected Products : mobile_security_framework
    • Published: Feb. 05, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-24804

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric c... Read more

    Affected Products : mobile_security_framework
    • Published: Feb. 05, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-24803

    Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric c... Read more

    Affected Products : mobile_security_framework
    • Published: Feb. 05, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-24372

    CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that fil... Read more

    Affected Products : ckan
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-24497

    When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 8.9

    HIGH
    CVE-2025-24326

    When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not eval... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2025-24320

    A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix fo... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24319

    When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical S... Read more

    Affected Products : big-ip_next_central_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-24312

    When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization.   Note: Software versions which ha... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-23419

    When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https:/... Read more

    Affected Products : nginx_plus nginx_open_source
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-23415

    An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN ... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2025-23413

    When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_next_central_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-23412

    When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-23239

    When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reac... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-22891

    When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software v... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-22846

    When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.   Note: Software versions which have reached End of Technical Support... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Denial of Service
Showing 20 of 291358 Results