Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-13161

    IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-7704

    Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-13131

    A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-13121

    A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the argument lng/lat leads to sql inj... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-11769

    The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipper_front' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitizatio... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2025-64511

    MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue.... Read more

    Affected Products : maxkb
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-64525

    Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilizeon-demand rendering, request headers `x-forwarded-proto` and `x-forwarded-port` are insecurely used, without sanitization, to build the URL. This has several conseq... Read more

    Affected Products : astro
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-64749

    Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns differe... Read more

    Affected Products : directus
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-64269

    Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.1... Read more

    Affected Products : woocommerce_pdf_invoice_builder
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-64379

    Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.... Read more

    Affected Products : booster_for_woocommerce
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-64271

    Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7.... Read more

    Affected Products : wp_plugin_manager
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.6

    CRITICAL
    CVE-2025-64709

    Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from ... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-64703

    MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue.... Read more

    Affected Products : maxkb
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-13120

    A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public ... Read more

    Affected Products : mruby
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-59367

    An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Ad... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-13130

    A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can ... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-13160

    IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-64726

    Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior to 0.15.5 are vulnerable to arbitrary co... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-20355

    A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP ... Read more

    Affected Products : catalyst_center
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-59480

    Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses... Read more

    Affected Products : mattermost_server
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authentication
Showing 20 of 3685 Results