Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-20532

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 6.5

    MEDIUM
    CVE-2024-20531

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To e... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Nov. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-20530

    A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not p... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Nov. 20, 2024

  • 5.5

    MEDIUM
    CVE-2024-20529

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 7.2

    HIGH
    CVE-2024-20528

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super A... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 5.5

    MEDIUM
    CVE-2024-20527

    A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-20525

    A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not p... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Nov. 20, 2024

  • 5.4

    MEDIUM
    CVE-2024-20514

    A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack a... Read more

    • Published: Nov. 06, 2024
    • Modified: Jul. 31, 2025

  • 6.1

    MEDIUM
    CVE-2024-20511

    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cr... Read more

    Affected Products : unified_communications_manager
    • Published: Nov. 06, 2024
    • Modified: Aug. 07, 2025

  • 6.5

    MEDIUM
    CVE-2024-20507

    A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information... Read more

    Affected Products : meeting_management
    • Published: Nov. 06, 2024
    • Modified: Jul. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-20504

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (... Read more

    • Published: Nov. 06, 2024
    • Modified: Aug. 07, 2025

  • 5.4

    MEDIUM
    CVE-2024-20487

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2024-20484

    A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is d... Read more

    Affected Products : enterprise_chat_and_email
    • Published: Nov. 06, 2024
    • Modified: Apr. 04, 2025

  • 4.9

    MEDIUM
    CVE-2024-20476

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 06, 2024
    • Modified: Apr. 04, 2025

  • 6.5

    MEDIUM
    CVE-2024-20457

    A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulne... Read more

    • Published: Nov. 06, 2024
    • Modified: Aug. 07, 2025

  • 5.3

    MEDIUM
    CVE-2024-20445

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is ... Read more

    Affected Products :
    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024

  • 10.0

    CRITICAL
    CVE-2024-20418

    A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with r... Read more

    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024

  • 5.3

    MEDIUM
    CVE-2024-20371

    A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.  This vulnerabili... Read more

    Affected Products :
    • Published: Nov. 06, 2024
    • Modified: Nov. 06, 2024

  • 8.8

    HIGH
    CVE-2024-10827

    Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 06, 2024
    • Modified: Jan. 02, 2025

  • 8.8

    HIGH
    CVE-2024-10826

    Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : android chrome edge_chromium
    • Published: Nov. 06, 2024
    • Modified: Jan. 02, 2025
Showing 20 of 293613 Results