Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.7

HIGH

CVE-2025-53474

When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
8.7

HIGH

CVE-2025-41430

When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_ssl_orchestrator ssl_orchestrator
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
5.7

MEDIUM

CVE-2025-55078

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer...

Affected Products : threadx threadx_netx_duo
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
6.8

MEDIUM

CVE-2025-54889

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects...

Affected Products : centreon_web
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
6.8

MEDIUM

CVE-2025-54891

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects I...

Affected Products : centreon_web
Published: Oct. 14, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
8.5

HIGH

CVE-2025-59483

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Misconfiguration
9.1

CRITICAL

CVE-2025-59481

A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful explo...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
7.5

HIGH

CVE-2025-58133

Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access....

Affected Products : rooms zoom
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Authentication
8.4

HIGH

CVE-2025-59269

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
6.9

MEDIUM

CVE-2025-59268

On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) a...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Authentication
6.5

MEDIUM

CVE-2025-58132

Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access....

Affected Products : rooms zoom meeting_software_development_kit virtual_desktop_infrastructure vdi_windows_meeting_clients meeting_sdk workplace_desktop workplace_virtual_desktop_infrastructure
Published: Oct. 15, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
9.3

CRITICAL

CVE-2025-6893

An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows...

Affected Products : tn-4900_firmware
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Authorization
7.5

HIGH

CVE-2025-62356

A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt ...

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Path Traversal
6.5

MEDIUM

CVE-2025-11842

A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the argument Version leads to path traversal. Remote exploitation of the attack is...

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Path Traversal
9.8

CRITICAL

CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s ...

Affected Products : keras
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
2.0

LOW

CVE-2025-62653

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS.This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44....

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
4.0

MEDIUM

CVE-2024-31573

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled....

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Misconfiguration
9.8

CRITICAL

CVE-2025-62353

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect pr...

Affected Products :
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Path Traversal
5.4

MEDIUM

CVE-2025-62430

ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Produ...

Affected Products : clipbucket
Published: Oct. 17, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting
5.1

MEDIUM

CVE-2025-11851

A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has...

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 3917 Results

Browse by Apps

Latest CVE Feed

8.7

8.7

5.7

6.8

6.8

8.5

9.1

7.5

8.4

6.9

6.5

9.3

7.5

6.5

9.8

2.0

4.0

9.8

5.4

5.1

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable