Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2025-62381

    sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array propertie... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-11832

    Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Denial of Service

  • 9.4

    CRITICAL
    CVE-2025-62410

    In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attacker... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2025-62371

    OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-10577

    Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabil... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-58426

    desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications.... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2025-11701

    The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the za_create_zip_callback function in all versions up to, and including, 1.6. This makes ... Read more

    Affected Products : zip_attachments
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-11692

    The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attacke... Read more

    Affected Products : zip_attachments
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-10754

    The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, wi... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-10730

    The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to, and including, 4.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-10682

    The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to insufficient neutralization of user-supplied input used directly in SQL queries. This makes it possible for authenticated attackers, wi... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-41253

    The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The a... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-20350

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. Th... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Denial of Service

  • 4.4

    MEDIUM
    CVE-2025-11568

    A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-41019

    SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'.... Read more

    Affected Products : exito
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10850

    The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' functio... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-41254

    STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: * 6.2.0 - 6.2.11 * 6.1.0 - 6.1.23 * 6.0.x - 6.0.29 * 5.3.0... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-10611

    Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerab... Read more

    Affected Products : api_manager identity_server
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2025-6338

    There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-58079

    Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications.... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3913 Results