Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-59716

    ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail addr... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-62722

    LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by ... Read more

    Affected Products : linkace
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-43990

    Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-59596

    CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet... Read more

    Affected Products : secure_access
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Denial of Service

  • 8.0

    HIGH
    CVE-2025-10622

    A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of ... Read more

    Affected Products : satellite
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-12580

    The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12745

    A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The ex... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-32786

    The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.... Read more

    Affected Products : glpi_inventory
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-63294

    WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 4.2

    MEDIUM
    CVE-2025-52602

    HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application.  An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs).  An attacker can use that informat... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-12563

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authent... Read more

    Affected Products : blog2social
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-11271

    The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_overr... Read more

    Affected Products : easy_digital_downloads
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-11268

    The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sani... Read more

    Affected Products : strong_testimonials
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-61994

    Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page.... Read more

    Affected Products : growi
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-12556

    An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-59392

    On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the Admin password by inserting a USB drive (containing a publicly documented reset string) into a USB port.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-9338

    A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional ... Read more

    Affected Products : armoury_crate
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-12560

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with S... Read more

    Affected Products : blog2social
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-12360

    The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in all versions up to, and including, 1.7.7. This makes it possible for authe... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-64171

    MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets ... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 3698 Results