Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2025-0126

    When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a ... Read more

    Affected Products : pan-os
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-0125

    An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. Th... Read more

    Affected Products : pan-os
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-0124

    An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and conf... Read more

    Affected Products : pan-os
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-0122

    A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet processing capabilities of the device by sending a burst... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-0121

    A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without C... Read more

    Affected Products : cortex_xdr_agent
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-0120

    A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution re... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Apr. 11, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-51461

    IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.... Read more

    Affected Products : qradar_wincollect
    • Published: Apr. 11, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-32809

    W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.7

    HIGH
    CVE-2025-32808

    W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-32807

    A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.... Read more

    Affected Products : fusiondirectory
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025

  • 6.2

    MEDIUM
    CVE-2025-29918

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite l... Read more

    Affected Products : suricata
    • Published: Apr. 10, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-29917

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decode_base64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause l... Read more

    Affected Products : suricata
    • Published: Apr. 10, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-29916

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This size setting isn't properly limited, so the hash table a... Read more

    Affected Products : suricata
    • Published: Apr. 10, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-29915

    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. Howeve... Read more

    Affected Products : suricata
    • Published: Apr. 10, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NONE
    CVE-2025-3469

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue... Read more

    Affected Products : mediawiki
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.3

    LOW
    CVE-2025-32700

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseLog.Php, includes/Pager/AbuseLogPager.Php, includes/Special/SpecialAbu... Read more

    Affected Products :
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 2.1

    LOW
    CVE-2025-32699

    Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.... Read more

    Affected Products : mediawiki
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-32698

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/LogPager.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.... Read more

    Affected Products : mediawiki
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NONE
    CVE-2025-32697

    Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/Restricti... Read more

    Affected Products : mediawiki
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authorization

  • 0.0

    NONE
    CVE-2025-32696

    Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.4... Read more

    Affected Products : mediawiki
    • Published: Apr. 10, 2025
    • Modified: Apr. 11, 2025
Showing 20 of 293507 Results