Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.2

    MEDIUM
    CVE-2025-32441

    Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack sessio... Read more

    Affected Products : rack
    • Published: May. 07, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Race Condition

  • 6.5

    MEDIUM
    CVE-2025-0936

    On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly... Read more

    Affected Products : eos
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 1.3

    LOW
    CVE-2025-46826

    insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal ri... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-46821

    Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing th... Read more

    Affected Products : envoy
    • Published: May. 07, 2025
    • Modified: Sep. 03, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-46265

    On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu... Read more

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-43878

    When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.  Note: Soft... Read more

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-41433

    When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. ... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-41431

    When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Techni... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-41414

    When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-41399

    When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not eva... Read more

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-36557

    When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS)... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Denial of Service

  • 9.2

    CRITICAL
    CVE-2025-36546

    On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerabil... Read more

    Affected Products : f5os-a
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-36525

    When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-36504

    When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-35995

    When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:... Read more

    • Published: May. 07, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-31644

    When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2023-7303

    A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. ... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-4043

    An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.... Read more

    Affected Products : ug65-868m-ea_firmware ug65-868m-ea
    • Published: May. 07, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-3925

    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2025-31177

    gnuplot is affected by a heap buffer overflow at function utf8_copy_one.... Read more

    Affected Products : gnuplot
    • Published: May. 07, 2025
    • Modified: Aug. 15, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 293669 Results