Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-20219

    A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attack... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 4.9

    MEDIUM
    CVE-2025-20218

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insuff... Read more

    Affected Products : firepower_management_center
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.6

    HIGH
    CVE-2025-20217

    A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected devic... Read more

    Affected Products : firepower_threat_defense
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.5

    HIGH
    CVE-2025-20148

    A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due t... Read more

    Affected Products : firepower_management_center
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.6

    HIGH
    CVE-2025-20136

    A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauth... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 4.3

    MEDIUM
    CVE-2025-20135

    A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory. ... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 8.6

    HIGH
    CVE-2025-20134

    A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpec... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025

  • 8.6

    HIGH
    CVE-2025-20133

    A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, r... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 7.7

    HIGH
    CVE-2025-20127

    A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow a... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2023-43692

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 6.5

    MEDIUM
    CVE-2023-43683

    An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 9.8

    CRITICAL
    CVE-2025-8967

    A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launc... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025

  • 9.8

    CRITICAL
    CVE-2025-8966

    A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be init... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025

  • 6.5

    MEDIUM
    CVE-2025-8965

    A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The man... Read more

    Affected Products : litemall
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 7.0

    HIGH
    CVE-2025-54867

    Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 6.2

    MEDIUM
    CVE-2025-54409

    AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attribut... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025

  • 6.2

    MEDIUM
    CVE-2025-54389

    AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or remo... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 19, 2025

  • 5.4

    MEDIUM
    CVE-2025-53631

    flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post... Read more

    Affected Products : flaskblog
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-50518

    A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possi... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 15, 2025

  • 7.5

    HIGH
    CVE-2025-36047

    IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 18, 2025
Showing 20 of 290943 Results