Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2024-31573

    XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 4.0

    MEDIUM
    CVE-2025-21045

    Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2025-8594

    The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack.... Read more

    Affected Products : pz-linkcard
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 3.8

    LOW
    CVE-2025-10306

    The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Adminis... Read more

    Affected Products : backup_bolt
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2025-58578

    A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-64350

    Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-62794

    GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than ... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2025-10931

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 before 1.0.1.... Read more

    Affected Products : drupal
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.8

    LOW
    CVE-2025-61924

    PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is... Read more

    Affected Products : prestashop
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2025-11244

    The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers (such as X-Forwarded-For, HTTP_CLIENT... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-54499

    Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Clou... Read more

    Affected Products : mattermost_server
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 3.7

    LOW
    CVE-2025-61755

    Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with net... Read more

    Affected Products : graalvm_for_jdk
    • Published: Oct. 21, 2025
    • Modified: Oct. 27, 2025

  • 3.7

    LOW
    CVE-2025-10939

    A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access t... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-36249

    IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site th... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Cryptography

  • 3.7

    LOW
    CVE-2025-61748

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Orac... Read more

    Affected Products : jdk jre graalvm java_se graalvm_for_jdk
    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 3.6

    LOW
    CVE-2025-61984

    ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansio... Read more

    Affected Products : openssh
    • Published: Oct. 06, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Authentication

  • 3.6

    LOW
    CVE-2025-61985

    ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.... Read more

    Affected Products : openssh
    • Published: Oct. 06, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2025-2139

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-59451

    The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2025-2138

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 4044 Results