Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-48011

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-48010

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.... Read more

    Affected Products : one_time_password
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-48009

    Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.... Read more

    Affected Products : single_content_sync
    • Published: May. 21, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-45754

    A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name.... Read more

    Affected Products : seeddms
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-25539

    Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.... Read more

    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-20267

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insu... Read more

    Affected Products : identity_services_engine
    • Published: May. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20258

    A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could... Read more

    • Published: May. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-20257

    A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate al... Read more

    Affected Products : secure_network_analytics
    • Published: May. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-20256

    A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary com... Read more

    Affected Products : secure_network_analytics
    • Published: May. 21, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-20255

    A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP reques... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-20250

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuadi... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-20247

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuadi... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-20246

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuadi... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-20242

    A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication ... Read more

    Affected Products : unified_contact_center_enterprise
    • Published: May. 21, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-20152

    A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper h... Read more

    Affected Products : identity_services_engine
    • Published: May. 21, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-20114

    A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-suppli... Read more

    • Published: May. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-20113

    A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side valida... Read more

    • Published: May. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-20112

    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that hav... Read more

    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-0372

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2024-56428

    The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client.... Read more

    Affected Products : ilabclient
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293425 Results