Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-20256

    A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary com... Read more

    Affected Products : secure_network_analytics
    • Published: May. 21, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-20255

    A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP reques... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-20250

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuadi... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-20247

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuadi... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-20246

    A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuadi... Read more

    Affected Products : webex_meetings
    • Published: May. 21, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-20242

    A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication ... Read more

    Affected Products : unified_contact_center_enterprise
    • Published: May. 21, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-20152

    A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper h... Read more

    Affected Products : identity_services_engine
    • Published: May. 21, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-20114

    A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-suppli... Read more

    • Published: May. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-20113

    A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side valida... Read more

    • Published: May. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-20112

    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that hav... Read more

    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-0372

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2024-56428

    The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client.... Read more

    Affected Products : ilabclient
    • Published: May. 21, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-4008

    The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is ... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-48207

    The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-48206

    The ns_backup extension through 13.0.0 for TYPO3 allows XSS.... Read more

    Affected Products : ns-backup ns-backup
    • Published: May. 21, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-48205

    The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.... Read more

    Affected Products : sr_feuser_register_extension
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-48204

    The ns_backup extension through 13.0.0 for TYPO3 allows command injection.... Read more

    Affected Products : ns-backup
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-48203

    The cs_seo extension through 9.2.0 for TYPO3 allows XSS.... Read more

    Affected Products :
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-48202

    The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.... Read more

    Affected Products : femanager
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-48201

    The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.... Read more

    Affected Products : ns-backup
    • Published: May. 21, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293497 Results