Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-64283

    Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.... Read more

    Affected Products : romethemekit_for_elementor
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63294

    WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-64320

    Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.... Read more

    Affected Products : agentforce_vibes_extension
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-64365

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through <= 3.6.0.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-64367

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6.... Read more

    Affected Products : groundhogg
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-60790

    ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.... Read more

    Affected Products : processwire
    • Published: Oct. 21, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-36008

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.... Read more

    Affected Products : db2
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-36006

    IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resource... Read more

    Affected Products : db2
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-47118

    IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with ... Read more

    Affected Products : db2
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-64197

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62011

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem thegem.This issue affects TheGem: from n/a through <= 5.10.5.... Read more

    Affected Products : thegem
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-20376

    A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker coul... Read more

    Affected Products : unified_contact_center_express
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-64318

    Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1.... Read more

    Affected Products : mulesoft_anypoint_code_builder
    • Published: Nov. 04, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-43448

    This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-55700

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 6.5

    MEDIUM
    CVE-2025-29699

    NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.... Read more

    Affected Products : netsurf
    • Published: Nov. 03, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-58084

    Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.... Read more

    • Published: Oct. 13, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-20375

    A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could ... Read more

    Affected Products : unified_contact_center_express
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-54970

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job own... Read more

    Affected Products : socet_gxp
    • Published: Oct. 27, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-11913

    A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The atta... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3849 Results