Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.7

HIGH

CVE-2025-53474

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2025-41430

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_ssl_orchestrator ssl_orchestrator
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
5.7

MEDIUM

CVE-2025-55078

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer...

Affected Products : threadx threadx_netx_duo
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
6.8

MEDIUM

CVE-2025-54889

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects...

Affected Products : centreon_web
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
6.8

MEDIUM

CVE-2025-54891

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects I...

Affected Products : centreon_web
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
8.5

HIGH

CVE-2025-59483

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Misconfiguration
9.1

CRITICAL

CVE-2025-59481

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful explo...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
7.5

HIGH

CVE-2025-58133

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access....

Affected Products : rooms zoom
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Authentication
8.4

HIGH

CVE-2025-59269

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
6.9

MEDIUM

CVE-2025-59268

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) a...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Authentication
6.5

MEDIUM

CVE-2025-58132

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access....

Affected Products : rooms zoom meeting_software_development_kit virtual_desktop_infrastructure vdi_windows_meeting_clients meeting_sdk workplace_desktop workplace_virtual_desktop_infrastructure
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
5.3

MEDIUM

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb...

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Information Disclosure
9.8

CRITICAL

CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object...

Affected Products :
Published: Oct. 18, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
5.8

MEDIUM

CVE-2025-62652

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44....

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
7.5

HIGH

CVE-2025-11864

A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers le...

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Server-Side Request Forgery
5.5

MEDIUM

CVE-2025-61554

A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access....

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
5.1

MEDIUM

CVE-2025-11851

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has...

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-11842

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is...

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Path Traversal
4.0

MEDIUM

CVE-2024-31573

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled....

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Misconfiguration
5.4

MEDIUM

CVE-2025-62430

ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Produ...

Affected Products : clipbucket
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 3895 Results

Browse by Apps

Latest CVE Feed

8.7

8.7

5.7

6.8

6.8

8.5

9.1

7.5

8.4

6.9

6.5

5.3

9.8

5.8

7.5

5.5

5.1

6.5

4.0

5.4

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable