Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-12762

    pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on th... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-64703

    MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue.... Read more

    Affected Products : maxkb
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-13130

    A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can ... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-64444

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-64716

    Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redir... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-60687

    An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that ... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2025-64745

    Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the `trailingSlash` configuration option is used. An attacker can i... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-13123

    A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/get_firstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the ... Read more

    Affected Products : hibos
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13114

    A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly av... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-62484

    Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.... Read more

    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 4.6

    MEDIUM
    CVE-2025-64746

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the... Read more

    Affected Products : directus
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-13161

    IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-64269

    Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.1... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-59367

    An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Ad... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-12892

    The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated... Read more

    Affected Products : survey_maker
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-59840

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe ... Read more

    Affected Products : vega
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-12536

    The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_tr... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-12785

    Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2025-12818

    Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault... Read more

    Affected Products : postgresql
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2022-4984

    ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zent... Read more

    Affected Products : biz open_source_edition max
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection
Showing 20 of 3740 Results