Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-35033

    Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-43400

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a malic... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-11322

    A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak passw... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-11643

    A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-code... Read more

    Affected Products :
    • Published: Oct. 12, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-61762

    Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to co... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 22, 2025

  • 6.3

    MEDIUM
    CVE-2025-11965

    In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/confi... Read more

    Affected Products : vert.x-web
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-43991

    SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially e... Read more

    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-11648

    A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed f... Read more

    Affected Products :
    • Published: Oct. 12, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-11646

    A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exp... Read more

    Affected Products :
    • Published: Oct. 12, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-62511

    yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in the creation of the default configuration file config.json... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Race Condition

  • 6.3

    MEDIUM
    CVE-2025-55086

    In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memor... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-11636

    A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. ... Read more

    Affected Products :
    • Published: Oct. 12, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-58424

    On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-25298

    Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently... Read more

    Affected Products : strapi
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-11938

    A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing manipulation of the argument DB_PASSWORD/ROOT_PATH/URL results in deserialization. The attack may be initiated remo... Read more

    Affected Products : churchcrm
    • Published: Oct. 19, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-11677

    Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve den... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-55087

    In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-11633

    A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The ... Read more

    Affected Products :
    • Published: Oct. 12, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-48813

    Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025

  • 6.2

    MEDIUM
    CVE-2025-54654

    Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality... Read more

    Affected Products : harmonyos
    • Published: Oct. 11, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 3934 Results