Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.2

    CRITICAL
    CVE-2025-34234

    Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers (printerlogic/pi, prin... Read more

    • Published: Sep. 29, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Cryptography

  • 9.2

    CRITICAL
    CVE-2017-20205

    Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer function `nexttoken` copies characters from an input string into a fixed-size stack buffer without performing bounds chec... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.2

    CRITICAL
    CVE-2025-59951

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrie... Read more

    Affected Products : termix
    • Published: Oct. 01, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-60964

    OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and pos... Read more

    Affected Products : sonoma_d12_firmware sonoma_d12
    • Published: Oct. 06, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-55100

    In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies.... Read more

    Affected Products : threadx_usbx
    • Published: Oct. 17, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-52735

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.... Read more

    Affected Products : nextmove
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-7493

    A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations ... Read more

    • Published: Sep. 30, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-55081

    In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case o... Read more

    Affected Products : threadx_netx_duo threadx_usbx
    • Published: Oct. 15, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-52734

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through <= 1.2.1.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-60965

    OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and pos... Read more

    Affected Products : sonoma_d12_firmware sonoma_d12
    • Published: Oct. 06, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-52738

    Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2024-58040

    Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cryptography

  • 9.1

    CRITICAL
    CVE-2025-49922

    Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.... Read more

    Affected Products : wpematico_rss_feed_fetcher
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-62919

    Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.2.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-62959

    Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey Site: from n/a through <= 7.3.22.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-60291

    An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection configurations.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-53868

    When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software versions which have reached End of Technical Support (EoTS... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-59481

    A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges.  A successful explo... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-62892

    Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3.... Read more

    Affected Products : sunshine_photo_cart
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-62717

    Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is require... Read more

    Affected Products : emlog
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authentication
Showing 20 of 4045 Results