Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-2138

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-11203

    LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to exploit this vulnerability. The spec... Read more

    Affected Products : litellm
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-10636

    The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-31995

    HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2025-62174

    Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the command-line interface using `bin/tootctl accounts modify --reset-pas... Read more

    Affected Products : mastodon
    • Published: Oct. 13, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Authentication

  • 3.3

    LOW
    CVE-2025-61786

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.stat` and `Deno.FsFile.prototype.statSync` are not limited by the permission model check `--deny-read=./`. It's possible to retrieve s... Read more

    Affected Products : deno
    • Published: Oct. 08, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2025-62187

    In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).... Read more

    Affected Products : anki
    • Published: Oct. 07, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Path Traversal

  • 3.3

    LOW
    CVE-2025-5496

    ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.... Read more

    Affected Products : manageengine_endpoint_central
    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2025-61670

    Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the `anyref` or `externref` WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 and all... Read more

    Affected Products : wasmtime
    • Published: Oct. 07, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-60361

    radare2 v5.9.8 and before contains a memory leak in the function bochs_open.... Read more

    Affected Products : radare2
    • Published: Oct. 17, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Memory Corruption

  • 3.3

    LOW
    CVE-2025-21077

    Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.... Read more

    Affected Products : email
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 3.3

    LOW
    CVE-2025-61785

    Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.utime` and `Deno.FsFile.prototype.utimeSync` are not limited by the permission model check `--deny-write=./`. It's possible to change ... Read more

    Affected Products : deno
    • Published: Oct. 08, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 3.3

    LOW
    CVE-2025-43395

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Path Traversal

  • 3.1

    LOW
    CVE-2025-23050

    QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.... Read more

    Affected Products : qt
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-8850

    In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This... Read more

    Affected Products : librechat
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-62711

    Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a ... Read more

    Affected Products : wasmtime
    • Published: Oct. 24, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-11731

    A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 3.1

    LOW
    CVE-2025-59280

    Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 20, 2025

  • 3.1

    LOW
    CVE-2025-52655

    Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.... Read more

    Affected Products : dryice_myxalytics
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-62774

    On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication
Showing 20 of 3915 Results