Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-54809

    F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 6.9

    MEDIUM
    CVE-2025-54500

    An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Software versions which have reached End of Technical Support... Read more

    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 6.3

    MEDIUM
    CVE-2025-53859

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request t... Read more

    Affected Products : nginx_plus nginx_open_source
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 8.7

    HIGH
    CVE-2025-52585

    When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Soft... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 6.1

    MEDIUM
    CVE-2025-51691

    Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly s... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 6.1

    MEDIUM
    CVE-2025-50690

    A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the se... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 7.5

    HIGH
    CVE-2025-50635

    A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing... Read more

    Affected Products : wf2780_firmware wf2780
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025

  • 9.1

    CRITICAL
    CVE-2025-50251

    Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 7.3

    HIGH
    CVE-2025-48500

    A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions whi... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 8.7

    HIGH
    CVE-2025-46405

    When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 6.5

    MEDIUM
    CVE-2025-55668

    Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recomm... Read more

    Affected Products : tomcat
    • Published: Aug. 13, 2025
    • Modified: Aug. 18, 2025

  • 6.1

    MEDIUM
    CVE-2025-55160

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic ab... Read more

    Affected Products : imagemagick
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025

  • 8.8

    HIGH
    CVE-2025-55154

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory cor... Read more

    Affected Products : imagemagick
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 5.5

    MEDIUM
    CVE-2025-55005

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or r... Read more

    Affected Products : imagemagick
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025

  • 7.6

    HIGH
    CVE-2025-55004

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing imag... Read more

    Affected Products : imagemagick
    • Published: Aug. 13, 2025
    • Modified: Aug. 15, 2025

  • 5.3

    MEDIUM
    CVE-2025-54791

    OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose informa... Read more

    Affected Products : omero.web
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 9.6

    CRITICAL
    CVE-2025-54382

    Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 7.7

    HIGH
    CVE-2025-54074

    Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a ma... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-52392

    Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative acces... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 19, 2025

  • 5.4

    MEDIUM
    CVE-2025-52386

    CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file... Read more

    Affected Products :
    • Published: Aug. 13, 2025
    • Modified: Aug. 13, 2025
Showing 20 of 290979 Results