Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-64179

    lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sen... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-62630

    Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-4522

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter val... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2022-50595

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter t... Read more

    Affected Products : iview
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2022-50593

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the... Read more

    Affected Products : iview
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-64302

    Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-34247

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure o... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-12861

    A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags[] causes sql injection. The attack is possible to be carried out rem... Read more

    Affected Products : dedebiz
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2022-50594

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘Netwo... Read more

    Affected Products : iview
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-64336

    ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containin... Read more

    Affected Products : clipbucket
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-63689

    Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-64173

    Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to acces... Read more

    Affected Products : apollo_router
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 3.7

    LOW
    CVE-2025-48985

    A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade. More details: https://vercel.... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-36006

    IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resource... Read more

    Affected Products : db2
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2025-12418

    Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configura... Read more

    Affected Products : installshield
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-63690

    In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type S... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-12862

    A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attac... Read more

    Affected Products : online_notes_sharing_platform
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-60574

    A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retriev... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-12911

    Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-59171

    Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3725 Results