Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.5

    HIGH
    CVE-2025-43017

    HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.... Read more

    Affected Products : hp_thinpro_8.1
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-11375

    Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterpr... Read more

    Affected Products : consul
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-11374

    Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise ... Read more

    Affected Products : consul
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-62367

    Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-61235

    An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, du... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-59837

    Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lea... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-27093

    Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with e... Read more

    Affected Products : sliver
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-40843

    CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by th... Read more

    Affected Products : codechecker
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-12425

    Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-12424

    Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-12423

    Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-61080

    A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Clear2Pay Bank Visibility Application - Payment Execution 1.10.0.104 via the ID parameter in the URL.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-60805

    An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-60800

    Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-60355

    zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-60354

    Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-12422

    Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-54605

    Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-54604

    Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-61155

    Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4038 Results