Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-11534

    The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-62695

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025

  • 0.0

    NA
    CVE-2025-40012

    In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed to get_page() in smc_rx_splice(). Sinc... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 1.8

    LOW
    CVE-2025-11624

    Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.... Read more

    Affected Products : wolfssh
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-11625

    Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.... Read more

    Affected Products : wolfssh
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-62595

    Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain ci... Read more

    Affected Products : koa
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.9

    HIGH
    CVE-2025-60507

    Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. W... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-62249

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-6515

    The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client M... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40008

    In the Linux kernel, the following vulnerability has been resolved: kmsan: fix out-of-bounds access to shadow memory Running sha224_kunit on a KMSAN-enabled kernel results in a crash in kmsan_internal_set_shadow_origin(): BUG: unable to handle page... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40013

    In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error poi... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40006

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole. remove_inode_single_folio will unmap the folio if the folio is still mapped. However, ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Race Condition

  • 6.1

    MEDIUM
    CVE-2025-61454

    A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitra... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-11678

    Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a resp... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 4.5

    MEDIUM
    CVE-2025-11947

    A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack... Read more

    Affected Products :
    • Published: Oct. 19, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-62657

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS.This issue affects MediaWiki PageForms extension: 1.44.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-62697

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Exten... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-62658

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-5517

    Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terra AC PTB, ABB Te... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.8

    MEDIUM
    CVE-2025-60856

    Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is dispute... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication
Showing 20 of 3676 Results