Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.5

MEDIUM

CVE-2025-59686

Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id....

Affected Products :
Published: Oct. 01, 2025

Modified: Oct. 28, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-59685

Kazaar 1.25.12 allows a JWT with none in the alg field....

Affected Products :
Published: Oct. 01, 2025

Modified: Oct. 28, 2025

Vuln Type: Authentication
6.5

MEDIUM

CVE-2025-57423

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker co...

Affected Products :
Published: Oct. 03, 2025

Modified: Oct. 28, 2025

Vuln Type: Injection
9.9

CRITICAL

CVE-2025-55315

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network....

Affected Products : asp.net_core visual_studio_2022
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
6.0

MEDIUM

CVE-2025-37149

A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware....

Affected Products :
Published: Oct. 14, 2025

Modified: Oct. 28, 2025

Vuln Type: Memory Corruption
6.5

MEDIUM

CVE-2025-10720

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker...

Affected Products : wp_private_content_plus
Published: Oct. 13, 2025

Modified: Oct. 28, 2025

Vuln Type: Authentication
8.8

HIGH

CVE-2025-59228

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

Affected Products : sharepoint_server sharepoint_server_2016 sharepoint_server_2019
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
5.5

MEDIUM

CVE-2025-59229

Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally....

Affected Products : 365_apps office_long_term_servicing_channel office_2024
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
7.8

HIGH

CVE-2025-59231

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
7.8

HIGH

CVE-2025-59233

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
7.8

HIGH

CVE-2025-59234

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2016 office_2024 office_2021 office_2019
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
8.4

HIGH

CVE-2025-59236

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : office 365_apps office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021 office_2019
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
8.8

HIGH

CVE-2025-59237

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network....

Affected Products : sharepoint_server sharepoint_server_2016 sharepoint_server_2019
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
7.5

HIGH

CVE-2025-59248

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network....

Affected Products : exchange_server exchange_server_se exchange_server_2019 exchange_server_2016
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
8.8

HIGH

CVE-2025-59249

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network....

Affected Products : exchange_server exchange_server_se exchange_server_2019 exchange_server_2016
Published: Oct. 14, 2025

Modified: Oct. 28, 2025
7.2

HIGH

CVE-2025-8078

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W...

Affected Products : usg20w-vpn_firmware zld usg_flex_100_firmware atp100_firmware atp100 atp200 atp500 atp100w atp700 atp800 +10 more products
Published: Oct. 21, 2025

Modified: Oct. 28, 2025
4.3

MEDIUM

CVE-2025-48025

In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file....

Affected Products : exynos_980_firmware exynos_850_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_850 exynos_1280 exynos_1380 +10 more products
Published: Oct. 20, 2025

Modified: Oct. 28, 2025

Vuln Type: Authorization
7.5

HIGH

CVE-2025-26782

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S...

Affected Products : exynos_980_firmware exynos_850_firmware exynos_1080_firmware exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_9110_firmware exynos_w920_firmware +20 more products
Published: Oct. 20, 2025

Modified: Oct. 28, 2025

Vuln Type: Denial of Service
8.1

HIGH

CVE-2025-9133

A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series fir...

Affected Products : usg20w-vpn_firmware zld usg_flex_100_firmware atp100_firmware atp100 atp200 atp500 atp100w atp700 atp800 +10 more products
Published: Oct. 21, 2025

Modified: Oct. 28, 2025
7.5

HIGH

CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle G...

Affected Products : jdk jre graalvm java_se graalvm_for_jdk
Published: Oct. 21, 2025

Modified: Oct. 28, 2025

Showing 20 of 4185 Results

Browse by Apps

Latest CVE Feed

6.5

5.3

6.5

9.9

6.0

6.5

8.8

5.5

7.8

7.8

7.8

8.4

8.8

7.5

8.8

7.2

4.3

7.5

8.1

7.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable