Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-12044

    Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-... Read more

    Affected Products : vault
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-6980

    Captive Portal can expose sensitive information... Read more

    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-62790

    Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent... Read more

    Affected Products : wazuh
    • Published: Oct. 29, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-56223

    A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.... Read more

    Affected Products : signinghub
    • Published: Oct. 20, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-62504

    Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that i... Read more

    Affected Products : envoy
    • Published: Oct. 16, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-61116

    AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as t... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-62409

    Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the co... Read more

    Affected Products : envoy
    • Published: Oct. 16, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61119

    Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by man... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-64364

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-60555

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-11504

    The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to vie... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-56230

    Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-12082

    Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.... Read more

    Affected Products : drupal
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-9954

    Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.... Read more

    Affected Products : drupal
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-32786

    The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.... Read more

    Affected Products : glpi_inventory
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63423

    Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 was discovered to store the Administrator password.... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-58149

    When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the doma... Read more

    Affected Products : xen
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-61120

    AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predic... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-11232

    To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" mus... Read more

    Affected Products : kea
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-20725

    In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges nee... Read more

    Affected Products : nr15 nr16 lr12a mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 +62 more products
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3874 Results