Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-54808

    Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on the host machine. This directory is typically world-readable, allowing any local user ... Read more

    Affected Products : minknow
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-23300

    NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-23330

    NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-11238

    The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. ... Read more

    Affected Products : watu_quiz
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-34502

    Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem a... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 4.4

    MEDIUM
    CVE-2025-12034

    The Fast Velocity Minify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... Read more

    Affected Products : minify
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-7730

    The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products : bold_page_builder
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-40022

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-10680

    OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use... Read more

    Affected Products : openvpn
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 4.4

    MEDIUM
    CVE-2025-12016

    The qnotsquiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qnotsquiz_custom_start_text' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-12017

    The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for u... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-10740

    The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes i... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-10901

    The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attacke... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-9158

    The Request Tracker software is vulnerable to a Stored XSS vulnerability in calendar invitation parsing feature, which displays invitation data without HTML sanitization. XSS vulnerability allows an attacker to send a specifically crafted e-mail enabling ... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-61934

    A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or d... Read more

    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-58456

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the ... Read more

    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-61413

    A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.2

    MEDIUM
    CVE-2025-57848

    A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execu... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40023

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already guarded by the info.skip_pcode flag) so we shoul... Read more

    Affected Products : linux_kernel
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40024

    In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task... Read more

    Affected Products : linux_kernel
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Race Condition
Showing 20 of 3912 Results