Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-62367

    Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40051

    In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check The return value of copy_from_iter and copy_to_iter can't be negative, check whether the copied lengths are equal.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025

  • 7.2

    HIGH
    CVE-2025-59837

    Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lea... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-27093

    Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with e... Read more

    Affected Products : sliver
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-43017

    HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.... Read more

    Affected Products : hp_thinpro_8.1
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-62798

    Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, express... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-11705

    The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX act... Read more

    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-40047

    In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a canc... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 5.5

    MEDIUM
    CVE-2025-12310

    A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/_settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication ... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-12331

    A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to th... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-9313

    An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attacke... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40082

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2025-1036

    Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root ... Read more

    Affected Products : tropos_4th_gen
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40081

    In the Linux kernel, the following vulnerability has been resolved: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Cast nr_pages to unsigned long to avoid overflow when handling large AUX buffer sizes (>= 2 GiB).... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12380

    Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects ... Read more

    Affected Products : firefox
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40090

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 ("ksmbd: Fix race condition in RPC handle list access"), ksmbd_session_rpc_method() attempts to lock se... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40098

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() Return value of a function acpi_evaluate_dsm() is dereferenced without checking for NULL, but it is us... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40093

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to fre... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40087

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-10929

    Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.... Read more

    Affected Products : drupal
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3690 Results