Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32222

    Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5.... Read more

    Affected Products : widget_logic
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-31029

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-27916

    An issue was discovered in AnyDesk through 9.0.4. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.... Read more

    Affected Products : anydesk
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-12728

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Mediu... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-12727

    Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-12725

    Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-12447

    Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-12446

    Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-12445

    Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-12444

    Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-12443

    Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-12441

    Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-12437

    Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-12433

    Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-12431

    Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Hig... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-12430

    Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-12428

    Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-62429

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PH... Read more

    Affected Products : clipbucket
    • Published: Oct. 20, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-62430

    ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Produ... Read more

    Affected Products : clipbucket
    • Published: Oct. 17, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-62424

    ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated a... Read more

    Affected Products : clipbucket
    • Published: Oct. 17, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3720 Results