Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40027

    In the Linux kernel, the following vulnerability has been resolved: net/9p: fix double req put in p9_fd_cancelled Syzkaller reports a KASAN issue as below: general protection fault, probably for non-canonical address 0xfbd59c0000000021: 0000 [#1] PREEM... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 7.6

    HIGH
    CVE-2025-41090

    microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organizat... Read more

    Affected Products : microclaudia
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1038

    The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected ... Read more

    Affected Products : tropos_4th_gen
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-10150

    Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31... Read more

    Affected Products : smartlink_hw-dp smartlink_hw-pn
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-40026

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O When completing emulation of instruction that generated a userspace exit for I/O, don't recheck L1 intercepts as KV... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025

  • 7.2

    HIGH
    CVE-2025-10151

    Improper locking vulnerability in Softing Industrial Automation GmbH gateways allows infected memory and/or resource leak exposure.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40030

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmux_ops::get_function_name() While the API contract in docs doesn't specify it explicitly, the generic implementation of the get_function_name() ca... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025

  • 8.8

    HIGH
    CVE-2025-62777

    Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-62259

    Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verifie... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 8.9

    HIGH
    CVE-2025-62725

    Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2025-61235

    An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, du... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-49042

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.... Read more

    Affected Products : woocommerce
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-1036

    Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root ... Read more

    Affected Products : tropos_4th_gen
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40047

    In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a canc... Read more

    Affected Products : linux_kernel
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-60354

    Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 9.6

    CRITICAL
    CVE-2025-4665

    WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation ... Read more

    Affected Products : cfdb7
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-62798

    Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, express... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-58356

    Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passhrase. If the VM i... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2025-27093

    Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with e... Read more

    Affected Products : sliver
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-56399

    alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Altho... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication
Showing 20 of 3719 Results