Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-41073

    Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploi... Read more

    • Published: Oct. 23, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-59208

    Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025

  • 7.1

    HIGH
    CVE-2025-62720

    LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in the system, including private links that should only be accessible to their owners. T... Read more

    Affected Products : linkace
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-59232

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025

  • 7.1

    HIGH
    CVE-2025-62721

    LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists,... Read more

    Affected Products : linkace
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-57107

    Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries b... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-60075

    Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS.This issue affects hpb seo plugin for WordPress: from n/a through <= 3.0.1.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-58971

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through <= 1.6.7.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-62005

    Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-34283

    Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.... Read more

    Affected Products : xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-59235

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025

  • 7.1

    HIGH
    CVE-2025-34273

    Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deleti... Read more

    Affected Products : log_server
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-53423

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Triss triss allows Reflected XSS.This issue affects Triss: from n/a through <= 2.6.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-62527

    Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if ... Read more

    Affected Products : taguette
    • Published: Oct. 20, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-21079

    Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.1

    HIGH
    CVE-2025-64134

    Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2025-43338

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.2, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-62260

    Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows r... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-43386

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process mem... Read more

    Affected Products : iphone_os tvos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-61136

    A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) g... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3917 Results