Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-12785

    Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-64383

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3.... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-36096

    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.... Read more

    Affected Products : aix vios
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-36251

    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previo... Read more

    Affected Products : aix vios
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-8870

    On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153... Read more

    Affected Products : eos
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 7.3

    HIGH
    CVE-2025-64500

    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29... Read more

    Affected Products : symfony
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-64267

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ult... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 10.0

    CRITICAL
    CVE-2025-36250

    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a vulner... Read more

    Affected Products : aix vios
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-64741

    Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.... Read more

    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-64292

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: ... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.0

    MEDIUM
    CVE-2025-64738

    External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.... Read more

    Affected Products : workplace_desktop
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-60689

    An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-12377

    The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for... Read more

    Affected Products : envira_gallery
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-55073

    Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, 10.12.x <= 10.12.0 fail to validate the relationship between the post being updated and the MSTeams plugin OAuth flow which allows an attacker to edit arbitrary posts via a crafted MSTeams plugin ... Read more

    Affected Products : mattermost_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-64274

    Missing Authorization vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPKoi Templates for Elementor: from n/a through <= 3.... Read more

    Affected Products : wpkoi_templates_for_elementor
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-12818

    Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault... Read more

    Affected Products : postgresql
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2022-4984

    ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zent... Read more

    Affected Products : biz open_source_edition max
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-7704

    Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-8397

    The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied a... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-59840

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe ... Read more

    Affected Products : vega
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3763 Results