Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-60735

    PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function... Read more

    Affected Products : perfreeblog
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025

  • 7.6

    HIGH
    CVE-2025-62015

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons:... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-64195

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue affects Eduma: from n/a through <= 5.7.6.... Read more

    Affected Products : eduma
    • Published: Oct. 29, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-60570

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-62727

    Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-64359

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through < 6.7.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-12115

    The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifical... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-56426

    An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. The lack of a length check leads to out-of-bounds writes via malformed USB packets to the t... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-63466

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60561

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60559

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60552

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60551

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60549

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60571

    D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-62604

    MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched ... Read more

    Affected Products : metersphere
    • Published: Oct. 22, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-54963

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service proc... Read more

    Affected Products : socet_gxp
    • Published: Oct. 23, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-60569

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60800

    Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-54604

    Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3914 Results