Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-49949

    Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11724

    The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBM_Admin_Untappd_Import_image() function and... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-55085

    In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.... Read more

    Affected Products : threadx_netx_duo threadx_usbx
    • Published: Oct. 17, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-12256

    A weakness has been identified in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /edit_contestant.php. Executing manipulation of the argument contestant_id can lead to sql injection. The attack can be ex... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12243

    A vulnerability was found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the file clientdetails/welcome.php of the component GET Parameter Handler. Performing manipulation of the argument ID results in ... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12255

    A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attac... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12242

    A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can ... Read more

    Affected Products : gym_management_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-14004

    Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration s... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-53425

    Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.2.... Read more

    Affected Products : dokan
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-58718

    Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 8.8

    HIGH
    CVE-2025-12252

    A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit h... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10706

    The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-20710

    In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. P... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-12254

    A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12864

    U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : u-office_force
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-31634

    Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-58715

    Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 8.8

    HIGH
    CVE-2025-57740

    An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all ver... Read more

    Affected Products : fortios fortiproxy fortipam
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-11715

    Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrar... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Oct. 14, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-43419

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3833 Results