Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-45388

    Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is d... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-3476

    Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-3272

    Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.  The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge Manager: 24.2, 24.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-30147

    Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-29746

    Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components... Read more

    Affected Products : koillection
    • Published: May. 07, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-26169

    IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration fil... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Race Condition

  • 8.1

    HIGH
    CVE-2025-26168

    IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configurati... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-47423

    Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.... Read more

    • Published: May. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Path Traversal

  • 4.5

    MEDIUM
    CVE-2025-47203

    dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.... Read more

    Affected Products : dropbear_ssh
    • Published: May. 07, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-46828

    WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue ... Read more

    Affected Products : wegia
    • Published: May. 07, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Injection

  • 3.1

    LOW
    CVE-2025-46824

    The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: Aug. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-32821

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance.... Read more

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-32820

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable.... Read more

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-32819

    A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.... Read more

    • Published: May. 07, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Path Traversal

  • 4.7

    MEDIUM
    CVE-2025-20223

    A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insuffici... Read more

    Affected Products : dna_center catalyst_center
    • Published: May. 07, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-20221

    A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an af... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-20216

    A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper saniti... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-20214

    A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because ... Read more

    Affected Products : ios_xe
    • Published: May. 07, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-20213

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attack... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: May. 07, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Path Traversal

  • 7.3

    HIGH
    CVE-2025-20210

    A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentica... Read more

    Affected Products : dna_center catalyst_center
    • Published: May. 07, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authentication
Showing 20 of 293948 Results