Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-55972

    A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoin... Read more

    Affected Products : 65c655_firmware 65c655
    • Published: Oct. 03, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-62356

    A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt ... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-57323

    mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version 0.2.0 and before allows attackers to inject properties on Object.pro... Read more

    Affected Products : mpregular
    • Published: Sep. 24, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-10743

    The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11501

    The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-59043

    OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the fac... Read more

    Affected Products : openbao
    • Published: Oct. 17, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-11722

    The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-26781

    An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61581

    ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component co... Read more

    Affected Products : traffic_control
    • Published: Oct. 16, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-55568

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a De... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-26782

    An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61919

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcin... Read more

    Affected Products : rack
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-11558

    A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out ... Read more

    Affected Products : e-commerce_website
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-59502

    Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025

  • 7.5

    HIGH
    CVE-2025-54265

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Oct. 14, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-61602

    BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId`... Read more

    Affected Products : bigbluebutton
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-11678

    Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a resp... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-56223

    A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-56219

    Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-43914

    Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Authorization
Showing 20 of 3877 Results