Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.5

MEDIUM

CVE-2025-58985

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a t...

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Cross-Site Scripting
7.8

HIGH

CVE-2025-54894

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability...

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
Published: Sep. 09, 2025

Modified: Sep. 11, 2025
7.3

HIGH

CVE-2025-43491

A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted....

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Path Traversal
6.7

MEDIUM

CVE-2025-54104

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
Published: Sep. 09, 2025

Modified: Sep. 11, 2025
5.3

MEDIUM

CVE-2025-58979

Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53....

Affected Products : berqwp
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Authorization
4.9

MEDIUM

CVE-2025-58977

Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8....

Affected Products : wp_ebay_product_feeds
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Server-Side Request Forgery
5.8

MEDIUM

CVE-2025-9996

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session....

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Injection
7.8

HIGH

CVE-2025-54916

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
Published: Sep. 09, 2025

Modified: Sep. 11, 2025
7.8

HIGH

CVE-2025-55228

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally....

Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025
Published: Sep. 09, 2025

Modified: Sep. 11, 2025
6.5

MEDIUM

CVE-2025-58990

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0....

Affected Products : woolentor_-_woocommerce_elementor_addons_\+_builder
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Cross-Site Scripting
7.5

HIGH

CVE-2025-5005

A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument corpurl results in server-side reque...

Affected Products : lingdang_crm
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Server-Side Request Forgery
7.0

HIGH

CVE-2025-54114

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to deny service locally....

Affected Products : windows_server_2016 windows_10_1607 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025
Published: Sep. 09, 2025

Modified: Sep. 11, 2025
7.0

HIGH

CVE-2025-54112

Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +3 more products
Published: Sep. 09, 2025

Modified: Sep. 11, 2025
4.3

MEDIUM

CVE-2025-59005

Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5....

Affected Products : categorify
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Authorization
4.3

MEDIUM

CVE-2025-54107

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products
Published: Sep. 09, 2025

Modified: Sep. 11, 2025
7.5

HIGH

CVE-2025-10164

A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be...

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Misconfiguration
9.1

CRITICAL

CVE-2025-55049

Use of Default Cryptographic Key (CWE-1394)...

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Cryptography
8.1

HIGH

CVE-2025-58215

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through n/a....

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Path Traversal
9.8

CRITICAL

CVE-2025-55048

Multiple CWE-78...

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Injection
10.0

CRITICAL

CVE-2025-55051

CWE-1392: Use of Default Credentials...

Affected Products :
Published: Sep. 09, 2025

Modified: Sep. 11, 2025

Vuln Type: Authentication

Showing 20 of 4210 Results

Browse by Apps

Latest CVE Feed

6.5

7.8

7.3

6.7

5.3

4.9

5.8

7.8

7.8

6.5

7.5

7.0

7.0

4.3

4.3

7.5

9.1

8.1

9.8

10.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable