Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-20205

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due t... Read more

    Affected Products : identity_services_engine
    • Published: Feb. 05, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-20204

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due t... Read more

    Affected Products : identity_services_engine
    • Published: Feb. 05, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-20185

    A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate p... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-20184

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. Th... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-20183

    A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a maliciou... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-20180

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a u... Read more

    • Published: Feb. 05, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-20179

    A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-b... Read more

    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-20176

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r... Read more

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-20175

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r... Read more

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-20174

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r... Read more

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-20173

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r... Read more

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-20172

    A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error hand... Read more

    Affected Products : ios_xe ios ios_xr
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-20171

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r... Read more

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-20170

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r... Read more

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-20169

    A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP r... Read more

    Affected Products : ios_xe ios
    • Published: Feb. 05, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-20125

    A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorizatio... Read more

    Affected Products : identity_services_engine
    • Published: Feb. 05, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-20124

    A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the a... Read more

    Affected Products : identity_services_engine
    • Published: Feb. 05, 2025
    • Modified: Mar. 28, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2024-42207

    HCL iAutomate is affected by a session fixation vulnerability.  An attacker could hijack a victim's session ID from their authenticated session.... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2024-39564

    This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path at... Read more

    Affected Products : junos junos_os_evolved
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-0858

    A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.... Read more

    Affected Products :
    • Published: Feb. 05, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291384 Results