Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.0

    MEDIUM
    CVE-2024-23976

    When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Suppor... Read more

    • Published: Feb. 14, 2024
    • Modified: Sep. 05, 2025
  • 8.8

    HIGH
    CVE-2024-23603

    An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more

    • Published: Feb. 14, 2024
    • Modified: Sep. 05, 2025
  • 7.2

    HIGH
    CVE-2024-21827

    A leftover debug code vulnerability exists in the cli_server debug functionality of TP-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker... Read more

    Affected Products : er7206_firmware er7206
    • Published: Jun. 25, 2024
    • Modified: Sep. 05, 2025
  • 7.8

    HIGH
    CVE-2024-23306

    A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more

    • Published: Feb. 14, 2024
    • Modified: Sep. 05, 2025
  • 7.2

    HIGH
    CVE-2024-22389

    When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more

    • Published: Feb. 14, 2024
    • Modified: Sep. 05, 2025
  • 6.9

    MEDIUM
    CVE-2024-54138

    NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequa... Read more

    Affected Products : nugetgallery
    • Published: Dec. 06, 2024
    • Modified: Sep. 05, 2025
  • 8.8

    HIGH
    CVE-2025-22130

    Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2, a path traversal attack allows existing non-admin users to access and take over other users' repositories. A malicious user then can modify, delete, and arbitrarily repositori... Read more

    Affected Products : soft_serve
    • Published: Jan. 08, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal
  • 9.6

    CRITICAL
    CVE-2024-22093

    When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software vers... Read more

    • Published: Feb. 14, 2024
    • Modified: Sep. 05, 2025
  • 9.8

    CRITICAL
    CVE-2024-21793

    An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : big-ip_next_central_manager
    • Published: May. 08, 2024
    • Modified: Sep. 05, 2025
  • 5.7

    MEDIUM
    CVE-2024-7347

    NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built ... Read more

    Affected Products : nginx_plus nginx_open_source
    • Published: Aug. 14, 2024
    • Modified: Sep. 05, 2025
  • 3.3

    LOW
    CVE-2024-51491

    notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature... Read more

    Affected Products : notation-go
    • Published: Jan. 13, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration
  • 5.9

    MEDIUM
    CVE-2024-11584

    cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could ... Read more

    Affected Products : cloud-init
    • Published: Jun. 26, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Misconfiguration
  • 7.8

    HIGH
    CVE-2025-32023

    Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potenti... Read more

    Affected Products : redis
    • Published: Jul. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-48367

    Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10,... Read more

    Affected Products : redis
    • Published: Jul. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Denial of Service
  • 4.8

    MEDIUM
    CVE-2025-55107

    There is a stored cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could p... Read more

    Affected Products : portal_for_arcgis
    • Published: Aug. 21, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-55106

    There is a stored cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potential... Read more

    Affected Products : portal_for_arcgis
    • Published: Aug. 21, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-55105

    There is a stored cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potential... Read more

    Affected Products : portal_for_arcgis
    • Published: Aug. 21, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-55104

    A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any us... Read more

    Affected Products : portal_for_arcgis
    • Published: Aug. 21, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-55103

    There is a stored cross-site scripting (XSS) vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potential... Read more

    Affected Products : portal_for_arcgis
    • Published: Aug. 21, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.1

    CRITICAL
    CVE-2025-21622

    ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subd... Read more

    Affected Products : clipbucket
    • Published: Jan. 07, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293259 Results