Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-21080

    Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-64334

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. T... Read more

    Affected Products : suricata
    • Published: Nov. 26, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-21072

    Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-58044

    JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an ... Read more

    Affected Products : jumpserver
    • Published: Dec. 01, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-61228

    An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism... Read more

    Affected Products : superduper\!
    • Published: Dec. 01, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-57489

    Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.... Read more

    Affected Products : superduper\!
    • Published: Dec. 01, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-66110

    Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through <= 1.0.22.... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 6.2

    MEDIUM
    CVE-2025-65841

    Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that ca... Read more

    Affected Products :
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cryptography

  • 5.6

    MEDIUM
    CVE-2025-58475

    Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-58476

    Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-58477

    Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58478

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58479

    Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-58480

    Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-65105

    Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:<profile> and --security=selinux:<label> whic... Read more

    Affected Products : apptainer
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-65215

    Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field.... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-65881

    Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php.... Read more

    Affected Products : zoo_management_system
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.9

    HIGH
    CVE-2025-66399

    Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control... Read more

    Affected Products : cacti
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60736

    code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.... Read more

    Affected Products : online_medicine_guide
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-13354

    The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perf... Read more

    Affected Products : taxopress
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization
Showing 20 of 4006 Results