Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-55086

    In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memor... Read more

    Affected Products : threadx_netx_duo
    • Published: Oct. 20, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-62597

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. T... Read more

    Affected Products : wegia
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-55340

    Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 5.5

    MEDIUM
    CVE-2025-55676

    Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 7.8

    HIGH
    CVE-2025-55677

    Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 7.0

    HIGH
    CVE-2025-55678

    Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 7.1

    HIGH
    CVE-2025-9339

    SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-22168

    Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-55679

    Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 7.8

    HIGH
    CVE-2025-55680

    Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 7.8

    HIGH
    CVE-2025-55681

    Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 6.1

    MEDIUM
    CVE-2025-55682

    Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 4.9

    MEDIUM
    CVE-2025-53067

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-53068

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris execut... Read more

    Affected Products : solaris solaris
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 4.9

    MEDIUM
    CVE-2025-53069

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with... Read more

    Affected Products : mysql_server
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-53071

    Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network a... Read more

    Affected Products : applications_framework
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 9.8

    CRITICAL
    CVE-2025-53072

    Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more

    Affected Products : marketing
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 2.7

    LOW
    CVE-2025-61749

    Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compro... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-61750

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 8.1

    HIGH
    CVE-2025-61751

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vuln... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025
Showing 20 of 3872 Results