Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2025-20026

    Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-20032

    Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-20039

    Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Race Condition

  • 8.0

    HIGH
    CVE-2025-20046

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-20062

    Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-20618

    Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.... Read more

    • Published: May. 13, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-59019

    Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-9680

    A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be ini... Read more

    Affected Products : o2oa
    • Published: Aug. 30, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-59018

    Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive i... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-9681

    A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. T... Read more

    Affected Products : o2oa
    • Published: Aug. 30, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-59017

    Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the correspondin... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-59016

    Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-59015

    A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-59014

    An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-59013

    An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by... Read more

    Affected Products : typo3
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-9682

    A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripti... Read more

    Affected Products : o2oa
    • Published: Aug. 30, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-54236

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidential... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Sep. 09, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-7718

    The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity p... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-10227

    Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in ... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-10226

    Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via explo... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Supply Chain
Showing 20 of 293334 Results