Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-11166

    For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disab... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-23047

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 thro... Read more

    Affected Products : cilium
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025

  • 7.1

    HIGH
    CVE-2025-0651

    Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges  can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Rese... Read more

    Affected Products : warp
    • Published: Jan. 22, 2025
    • Modified: Jul. 31, 2025

  • 7.8

    HIGH
    CVE-2024-55957

    In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Mar. 14, 2025

  • 4.3

    MEDIUM
    CVE-2025-24403

    A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2025-24402

    A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 23, 2025

  • 6.8

    MEDIUM
    CVE-2025-24401

    Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional permissions, like Overall/Manage) to a... Read more

    • Published: Jan. 22, 2025
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2025-24400

    Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Mar. 20, 2025

  • 8.8

    HIGH
    CVE-2025-24399

    Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log i... Read more

    • Published: Jan. 22, 2025
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2025-24398

    Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.... Read more

    Affected Products : bitbucket_server_integration
    • Published: Jan. 22, 2025
    • Modified: Jun. 06, 2025

  • 4.3

    MEDIUM
    CVE-2025-24397

    An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token and Secret text... Read more

    Affected Products : gitlab
    • Published: Jan. 22, 2025
    • Modified: Jan. 23, 2025

  • 5.3

    MEDIUM
    CVE-2025-23028

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is... Read more

    Affected Products : cilium
    • Published: Jan. 22, 2025
    • Modified: Feb. 18, 2025

  • 7.5

    HIGH
    CVE-2025-20165

    A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper... Read more

    • Published: Jan. 22, 2025
    • Modified: Aug. 06, 2025

  • 9.9

    CRITICAL
    CVE-2025-20156

    A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enf... Read more

    Affected Products : meeting_management
    • Published: Jan. 22, 2025
    • Modified: Aug. 01, 2025

  • 7.5

    HIGH
    CVE-2025-20128

    A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underf... Read more

    • Published: Jan. 22, 2025
    • Modified: Aug. 06, 2025

  • 5.4

    MEDIUM
    CVE-2024-51457

    IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the inte... Read more

    • Published: Jan. 22, 2025
    • Modified: Aug. 18, 2025

  • 5.9

    MEDIUM
    CVE-2025-23992

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025

  • 9.8

    CRITICAL
    CVE-2025-23914

    Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025

  • 7.1

    HIGH
    CVE-2025-23809

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Blue Wrench Video Widget allows Reflected XSS. This issue affects Blue Wrench Video Widget: from n/a through 2.1.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025

  • 7.5

    HIGH
    CVE-2025-0638

    The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator.... Read more

    Affected Products : routinator
    • Published: Jan. 22, 2025
    • Modified: Jan. 22, 2025
Showing 20 of 291058 Results