Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.7

HIGH

CVE-2025-54479

When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (E...

Affected Products : big-ip_access_policy_manager big-ip_policy_enforcement_manager big-ip_next_cloud-native_network_functions big-ip_next_for_kubernetes
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Misconfiguration
9.1

CRITICAL

CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Authentication
8.7

HIGH

CVE-2025-53474

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2025-41430

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_ssl_orchestrator ssl_orchestrator
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
5.7

MEDIUM

CVE-2025-55078

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer...

Affected Products : threadx threadx_netx_duo
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
6.8

MEDIUM

CVE-2025-54889

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects...

Affected Products : centreon_web
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
6.8

MEDIUM

CVE-2025-54891

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects I...

Affected Products : centreon_web
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
8.5

HIGH

CVE-2025-59483

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Misconfiguration
9.1

CRITICAL

CVE-2025-59481

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful explo...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
7.5

HIGH

CVE-2025-58133

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access....

Affected Products : rooms zoom
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Authentication
8.4

HIGH

CVE-2025-59269

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
6.9

MEDIUM

CVE-2025-59268

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) a...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Authentication
6.5

MEDIUM

CVE-2025-58132

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access....

Affected Products : rooms zoom meeting_software_development_kit virtual_desktop_infrastructure vdi_windows_meeting_clients meeting_sdk workplace_desktop workplace_virtual_desktop_infrastructure
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
5.5

MEDIUM

CVE-2025-60359

radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new....

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Memory Corruption
6.5

MEDIUM

CVE-2025-11909

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection...

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
6.9

MEDIUM

CVE-2025-34282

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a wa...

Affected Products : thingsboard
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Server-Side Request Forgery
7.1

HIGH

CVE-2025-62417

Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet wil...

Affected Products : bagisto
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
3.4

LOW

CVE-2025-62643

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages....

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Cryptography
6.5

MEDIUM

CVE-2025-60514

Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts....

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
6.5

MEDIUM

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field....

Affected Products : flowise
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection

Showing 20 of 4018 Results

Browse by Apps

Latest CVE Feed

8.7

9.1

8.7

8.7

5.7

6.8

6.8

8.5

9.1

7.5

8.4

6.9

6.5

5.5

6.5

6.9

7.1

3.4

6.5

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable