Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2025-58310

    Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-58309

    Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-58307

    UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-58303

    UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-58294

    Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-66361

    An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.... Read more

    Affected Products : siem
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-66360

    An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.... Read more

    Affected Products : siem
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-66359

    An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : siem
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-3261

    ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API e... Read more

    Affected Products : thingsboard
    • Published: Nov. 27, 2025
    • Modified: Nov. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-12421

    Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform acco... Read more

    Affected Products : mattermost_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-12559

    Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/c... Read more

    Affected Products : mattermost_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-13765

    Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.... Read more

    Affected Products : devolutions_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-13758

    Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.... Read more

    Affected Products : devolutions_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-13757

    SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.... Read more

    Affected Products : devolutions_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-12419

    Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take ... Read more

    Affected Products : mattermost_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-8890

    Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by ... Read more

    Affected Products :
    • Published: Nov. 27, 2025
    • Modified: Nov. 27, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-13692

    The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for un... Read more

    Affected Products : unlimited_elements_for_elementor
    • Published: Nov. 27, 2025
    • Modified: Nov. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-12140

    The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated atta... Read more

    Affected Products :
    • Published: Nov. 27, 2025
    • Modified: Nov. 27, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-12971

    The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'wcp_change_post_folder' function in all ve... Read more

    Affected Products : folders
    • Published: Nov. 27, 2025
    • Modified: Nov. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-59454

    In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only to authorized users, insuf... Read more

    Affected Products : cloudstack
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization
Showing 20 of 3022 Results