Latest CVE Feed

10.0 CRITICAL CVE-2025-46828
WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue ...
- Affected Products: wegia
- Published: May. 07, 2025
- Modified: Jul. 02, 2025
- Vuln Type: Injection

3.1 LOW CVE-2025-46824
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e...
- Affected Products:
- Published: May. 07, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Cross-Site Scripting

7.2 HIGH CVE-2025-32821
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance....
- Affected Products: sma_210_firmware sma_410_firmware sma_500v_firmware sma_100_firmware sma_200_firmware sma_400_firmware sma100_firmware sma_210 sma_410 sma_500v +3 more products
- Published: May. 07, 2025
- Modified: May. 19, 2025
- Vuln Type: Injection

8.8 HIGH CVE-2025-32820
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to inject a path traversal sequence to make any directory on the SMA appliance writable....
- Affected Products: sma_210_firmware sma_410_firmware sma_500v_firmware sma_100_firmware sma_200_firmware sma_400_firmware sma100_firmware sma_210 sma_410 sma_500v +3 more products
- Published: May. 07, 2025
- Modified: May. 19, 2025
- Vuln Type: Path Traversal

8.8 HIGH CVE-2025-32819
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings....
- Affected Products: sma_210_firmware sma_410_firmware sma_500v_firmware sma_100_firmware sma_200_firmware sma_400_firmware sma100_firmware sma_210 sma_410 sma_500v +3 more products
- Published: May. 07, 2025
- Modified: May. 19, 2025
- Vuln Type: Path Traversal

4.7 MEDIUM CVE-2025-20223
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insuffici...
- Published: May. 07, 2025
- Modified: Jul. 23, 2025
- Vuln Type: Authorization

9.1 CRITICAL CVE-2025-20221
A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an af...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization

4.7 MEDIUM CVE-2025-20216
A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper saniti...
- Affected Products: catalyst_sd-wan_manager
- Published: May. 07, 2025
- Modified: Jul. 29, 2025
- Vuln Type: Cross-Site Scripting

4.3 MEDIUM CVE-2025-20214
A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because ...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Authorization

5.5 MEDIUM CVE-2025-20213
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attack...
- Affected Products: catalyst_sd-wan_manager
- Published: May. 07, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Path Traversal

7.3 HIGH CVE-2025-20210
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentica...
- Published: May. 07, 2025
- Modified: Aug. 13, 2025
- Vuln Type: Authentication

7.4 HIGH CVE-2025-20202
A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of access poin...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Denial of Service

6.7 MEDIUM CVE-2025-20201
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Authorization

8.2 HIGH CVE-2025-20200
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization

8.2 HIGH CVE-2025-20199
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization

8.2 HIGH CVE-2025-20198
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization

8.2 HIGH CVE-2025-20197
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Authorization

5.3 MEDIUM CVE-2025-20196
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a deni...
- Affected Products: ios_xe ios cgr1000_firmware ic3000_industrial_compute_gateway_firmware ir510_wpan_firmware ic3000_industrial_compute_gateway 829_industrial_integrated_services_router_firmware 807_industrial_integrated_services_router_firmware 809_industrial_integrated_services_router_firmware 829_industrial_integrated_services_router +43 more products
- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Denial of Service

4.3 MEDIUM CVE-2025-20195
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CS...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Request Forgery

5.4 MEDIUM CVE-2025-20194
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input val...
- Affected Products: ios_xe
- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection