Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-58202

    Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32.... Read more

    Affected Products : simple_page_access_restriction
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.0

    MEDIUM
    CVE-2025-20295

    A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device... Read more

    Affected Products : unified_computing_system
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-43730

    Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of... Read more

    Affected Products :
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 5.0

    MEDIUM
    CVE-2025-20262

    A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a cra... Read more

    Affected Products : nx-os
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Denial of Service

  • 4.4

    MEDIUM
    CVE-2025-20292

    A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid use... Read more

    Affected Products : nx-os unified_computing_system
    • Published: Aug. 27, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-48357

    Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit allows Cross Site Request Forgery. This issue affects Century ToolKit: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-48352

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger allows Stored XSS. This issue affects Yandex Site search pinger: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-48349

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery allows Stored XSS. This issue affects Video Gallery – Vimeo and YouTube Gallery: from n/a through 1.... Read more

    Affected Products : smart-grid-gallery
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-52460

    Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.... Read more

    Affected Products :
    • Published: Aug. 28, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4509 Results