Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-11626

    MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-62594

    ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile widt... Read more

    Affected Products : imagemagick
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-11839

    A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the ... Read more

    Affected Products : binutils
    • Published: Oct. 16, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-11580

    A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and coul... Read more

    Affected Products : powerjob
    • Published: Oct. 10, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-11941

    A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path travers... Read more

    Affected Products :
    • Published: Oct. 19, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-61912

    python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-61911

    python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-43313

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-10986

    Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-43335

    The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-20724

    In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418894; Is... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2022-4981

    A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be a... Read more

    Affected Products : dcmtk
    • Published: Oct. 21, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-62411

    LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the... Read more

    Affected Products : librenms
    • Published: Oct. 16, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-54275

    Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to crash the application or make it unavailable. Exploita... Read more

    Affected Products : substance_3d_viewer
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-20722

    In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: A... Read more

    Affected Products : android openwrt rdk-b mt6835 mt6878 mt6886 mt6897 mt6980d mt6985 mt6989 +9 more products
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-55699

    Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 5.5

    MEDIUM
    CVE-2025-61155

    Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-11594

    A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Su... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-59190

    Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025

  • 5.5

    MEDIUM
    CVE-2025-59229

    Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 28, 2025
Showing 20 of 3803 Results