Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-10259

    Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets ... Read more

    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-58186

    Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large... Read more

    Affected Products : go
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-11564

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions... Read more

    Affected Products : tutor_lms
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62524

    PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information dis... Read more

    Affected Products : pilos
    • Published: Oct. 27, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-10638

    The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-60134

    Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through <= 2.1.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-12290

    A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cros... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-64294

    Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through 1.1.15.... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12288

    A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edit_user/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation o... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-58189

    When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.... Read more

    Affected Products : go
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-47912

    The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http... Read more

    Affected Products : go
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-27374

    An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. The lack of a length check leads to out-of-bounds writes.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-54330

    An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-43444

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user.... Read more

    Affected Products : iphone_os tvos watchos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62778

    Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.... Read more

    Affected Products : learning
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-58185

    Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.... Read more

    Affected Products : go
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-54973

    A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to ... Read more

    Affected Products : fortianalyzer fortianalyzer
    • Published: Oct. 14, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2025-62977

    Missing Authorization vulnerability in 沃之涛 百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n/a through <= 2.1.3.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-64319

    Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.... Read more

    Affected Products : mulesoft_anypoint_code_builder
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-62979

    Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.... Read more

    Affected Products : acf_to_rest_api
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3876 Results