Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-61430

    Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs fr... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-43907

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through ... Read more

    Affected Products : data_domain_operating_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-10124

    The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.... Read more

    Affected Products : booking_manager
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-60112

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor allows Stored XSS. This issue affects aThemes Addons for Elementor: from n/a through 1.1.3.... Read more

    Affected Products : athemes_addons_for_elementor
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-11911

    A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-8559

    The All in One Music Player plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.1 via the 'theme' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read th... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-60099

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Embed Any Document allows Stored XSS. This issue affects Embed Any Document: from n/a through 2.7.7.... Read more

    Affected Products : embed_any_document
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-59938

    Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel mes... Read more

    Affected Products : wazuh
    • Published: Sep. 27, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-57197

    In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN ve... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-11908

    A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. ... Read more

    Affected Products :
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-62019

    Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.... Read more

    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-43913

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through ... Read more

    Affected Products : data_domain_operating_system
    • Published: Oct. 07, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-48326

    Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acclectic Media Organizer: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-59940

    mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-61096

    PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.... Read more

    Affected Products : online_shopping_portal_project
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-49908

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a throu... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-61540

    SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.... Read more

    Affected Products : ultimate_php_board
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-33034

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-27006

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy allows Stored XSS. This issue affects Authorsy: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-53035

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vuln... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025
Showing 20 of 3838 Results