Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.1

HIGH

CVE-2025-61604

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protect...

Affected Products : wegia
Published: Oct. 02, 2025

Modified: Oct. 07, 2025

Vuln Type: Cross-Site Request Forgery
7.1

HIGH

CVE-2025-47902

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5....

Affected Products :
Published: Oct. 20, 2025

Modified: Oct. 21, 2025

Vuln Type: Injection
7.1

HIGH

CVE-2025-62020

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through <= 1.5.11....

Affected Products : vod_infomaniak
Published: Oct. 22, 2025

Modified: Oct. 23, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-49930

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through <= 3.5.10....

Affected Products : jetsearch
Published: Oct. 22, 2025

Modified: Oct. 23, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-53420

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8....

Affected Products : wordpress_learning_management_system_
Published: Oct. 22, 2025

Modified: Oct. 23, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-47342

Transient DOS may occur when multi-profile concurrency arises with QHS enabled....

Affected Products : qcc7225_firmware qcc7226_firmware qcc7228_firmware qcc7225 qcc7226 qcc7228 qcc5161_firmware qcc5161 s3_gen_2_sound_platform_firmware s3_gen_2_sound_platform +6 more products
Published: Oct. 09, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
7.1

HIGH

CVE-2025-33040

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a...

Affected Products : qsync_central
Published: Oct. 03, 2025

Modified: Oct. 07, 2025

Vuln Type: Denial of Service
7.1

HIGH

CVE-2025-21068

Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory....

Affected Products : notes
Published: Oct. 10, 2025

Modified: Oct. 16, 2025

Vuln Type: Memory Corruption
7.1

HIGH

CVE-2025-55200

BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared...

Affected Products : bigbluebutton
Published: Oct. 09, 2025

Modified: Oct. 20, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access t...

Affected Products : icinga
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
7.1

HIGH

CVE-2025-52753

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Reflected XSS.This issue affects Contact Form by Supsystic: from n/a through <= 1.7....

Affected Products : contact_form
Published: Oct. 22, 2025

Modified: Oct. 23, 2025

Vuln Type: Cross-Site Scripting
7.0

HIGH

CVE-2025-50174

Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Oct. 14, 2025

Modified: Oct. 23, 2025
7.0

HIGH

CVE-2025-55340

Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally....

Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products
Published: Oct. 14, 2025

Modified: Oct. 24, 2025
7.0

HIGH

CVE-2025-10991

The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907....

Affected Products :
Published: Sep. 30, 2025

Modified: Oct. 02, 2025

Vuln Type: Authentication
7.0

HIGH

CVE-2025-58734

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-59282

Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products
Published: Oct. 14, 2025

Modified: Oct. 14, 2025
7.0

HIGH

CVE-2025-55691

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 14, 2025
7.0

HIGH

CVE-2025-55689

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally....

Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 14, 2025
7.0

HIGH

CVE-2025-58738

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products
Published: Oct. 14, 2025

Modified: Oct. 16, 2025
7.0

HIGH

CVE-2025-55688

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 14, 2025

Showing 20 of 3872 Results

Browse by Apps

Latest CVE Feed

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.0

7.0

7.0

7.0

7.0

7.0

7.0

7.0

7.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable