Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-62416

    Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating engine when rendering product descriptions. This allows... Read more

    Affected Products : bagisto
    • Published: Oct. 16, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-9337

    A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Secu... Read more

    Affected Products : armoury_crate
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-5517

    Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terra AC PTB, ABB Te... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-9698

    The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-21047

    Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.... Read more

    Affected Products : android
    • Published: Oct. 10, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-9548

    A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.... Read more

    Affected Products : power_management_driver
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-54892

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infr... Read more

    Affected Products : centreon_web
    • Published: Oct. 14, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-12136

    The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-wit... Read more

    Affected Products : wordpress_real_cookie_banner
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.8

    MEDIUM
    CVE-2025-8430

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated privileges. This issue affects I... Read more

    Affected Products : centreon_web
    • Published: Oct. 14, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-54889

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects... Read more

    Affected Products : centreon_web
    • Published: Oct. 14, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-9975

    The WP Scraper plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.8.1 via the wp_scraper_extract_content function. This makes it possible for authenticated attackers, with Administrator-level access a... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.8

    MEDIUM
    CVE-2025-9336

    A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate... Read more

    Affected Products : armoury_crate
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-56438

    An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-54891

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects I... Read more

    Affected Products : centreon_web
    • Published: Oct. 14, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-9978

    The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-48428

    Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or coun... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2025-11906

    A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate p... Read more

    Affected Products : flowmon
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-8886

    Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authen... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-20736

    In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. ... Read more

    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-40774

    A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover p... Read more

    Affected Products : sipass_integrated
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cryptography
Showing 20 of 3922 Results