Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-58187

    Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-57109

    Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previous... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-47912

    The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http... Read more

    Affected Products : go
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12309

    A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely... Read more

    Affected Products : nero_social_networking_site
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-12311

    A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be la... Read more

    Affected Products : curfew_e-pass_management_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-12312

    A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotel... Read more

    Affected Products : curfew_e-pass_management_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-8850

    In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This... Read more

    Affected Products : librechat
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 4.6

    MEDIUM
    CVE-2025-54941

    An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or th... Read more

    Affected Products : airflow
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-3356

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append t... Read more

    Affected Products : tivoli_monitoring
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-3355

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the ... Read more

    Affected Products : tivoli_monitoring
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-12314

    A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. Remote exploitation of the attack ... Read more

    Affected Products : food_ordering_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12315

    A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing manipulation of the argument itemPrice can lead to sql injection. The attack can be executed remotely. The ex... Read more

    Affected Products : food_ordering_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12316

    A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The manipulation of the argument OfficeName leads to sql injection. The attack is possible to be carried... Read more

    Affected Products : courier_management_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-12322

    A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack rem... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12325

    A vulnerability has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. Th... Read more

    Affected Products : best_salon_management_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-12333

    A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate... Read more

    Affected Products : e-commerce_website
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-11630

    A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initia... Read more

    Affected Products : docsys
    • Published: Oct. 12, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-11631

    A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched r... Read more

    Affected Products : docsys
    • Published: Oct. 12, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-11633

    A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The ... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 4.6

    MEDIUM
    CVE-2025-11634

    A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The exploit has been r... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4048 Results