Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2025-62657

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS.This issue affects MediaWiki PageForms extension: 1.44.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-20339

    A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit... Read more

    Affected Products : sd-wan_vedge_router
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2025-11073

    A vulnerability was detected in Keyfactor RG-EW5100BE EW_3.0B11P280_EW5100BE-PRO_12183019. The affected element is an unknown function of the file /cgi-bin/luci/api/cmd of the component HTTP POST Request Handler. The manipulation of the argument url resul... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-62652

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-11939

    A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing manipulation of the argument restoreFile can lead to pa... Read more

    Affected Products : churchcrm
    • Published: Oct. 19, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-10578

    A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.... Read more

    Affected Products : support_assistant
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 5.7

    MEDIUM
    CVE-2025-21044

    Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Oct. 10, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-20368

    In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload thr... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 01, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-59729

    When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100... Read more

    Affected Products : ffmpeg
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-62513

    OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the A... Read more

    Affected Products : openbao
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-55078

    In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer... Read more

    Affected Products : threadx threadx_netx_duo
    • Published: Oct. 14, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-59730

    When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on t... Read more

    Affected Products : ffmpeg
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-2140

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 5.7

    MEDIUM
    CVE-2025-9955

    An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log dat... Read more

    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-23272

    NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service.... Read more

    Affected Products : cuda_toolkit nvjpeg
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-37727

    Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-60969

    Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information.... Read more

    Affected Products : sonoma_d12_firmware sonoma_d12
    • Published: Oct. 06, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Path Traversal

  • 5.7

    MEDIUM
    CVE-2025-55248

    Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 23, 2025

  • 5.7

    MEDIUM
    CVE-2025-55079

    In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected and causing a pos... Read more

    Affected Products : threadx threadx_netx_duo
    • Published: Oct. 15, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-20367

    In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload ... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Oct. 01, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3956 Results