Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-11908

    A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-11909

    A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-64116

    Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerab... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-63675

    cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-59503

    Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : azure_compute_resource_provider
    • Published: Oct. 23, 2025
    • Modified: Oct. 31, 2025

  • 4.8

    MEDIUM
    CVE-2025-59501

    Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025

  • 8.8

    HIGH
    CVE-2025-11910

    A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11911

    A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11912

    A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11913

    A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The atta... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-11914

    A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-61921

    Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used whe... Read more

    Affected Products : sinatra
    • Published: Oct. 10, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-55698

    Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 5.5

    MEDIUM
    CVE-2025-55699

    Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 6.5

    MEDIUM
    CVE-2025-55700

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 7.8

    HIGH
    CVE-2025-60749

    DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-12554

    Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-12553

    Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-12552

    Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-12509

    On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.... Read more

    Affected Products : brain2
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authentication
Showing 20 of 3889 Results