Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2025-61876

    Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenan... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-12103

    A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-opera... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-62781

    PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently ... Read more

    Affected Products : pilos
    • Published: Oct. 27, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-11981

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient pre... Read more

    Affected Products : wpschoolpress
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-20374

    A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI fe... Read more

    Affected Products : unified_contact_center_express
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-8870

    On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153... Read more

    Affected Products : eos
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-11794

    Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/{user_id}/email/verify/member endpoint... Read more

    Affected Products : mattermost_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-10683

    The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-53062

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 4.9

    MEDIUM
    CVE-2025-62988

    Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.9

    MEDIUM
    CVE-2025-11972

    The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'post_types' parameter in all versions up to, and including, 3.40.0 due to insufficient escaping on the user supplied parameter... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-62820

    Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.... Read more

    Affected Products : nebula
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-53042

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-53046

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compr... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-62475

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2025-12137

    The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths... Read more

    Affected Products : import_wp
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-53411

    An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more

    Affected Products : file_station
    • Published: Nov. 07, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-53069

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 4.9

    MEDIUM
    CVE-2025-62476

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 4.9

    MEDIUM
    CVE-2015-10146

    The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more

    Affected Products : thumbnail_slider_with_lightbox
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection
Showing 20 of 3825 Results