Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-11872

    The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-62775

    Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-11818

    The WP Responsive Meet The Team plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wprm_team' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on user supplie... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53728

    In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allo... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 6.9

    MEDIUM
    CVE-2025-62661

    Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension,... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-11825

    The Playerzbr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'urlmeta' post meta field in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-11915

    Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.3

    HIGH
    CVE-2024-58274

    Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 3.1

    LOW
    CVE-2025-62772

    On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-62774

    On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-10651

    The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the order_mail field and a lack of escaping on out... Read more

    Affected Products : welcart_e-commerce
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-53693

    In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix the memory leak in raw_gadget driver Currently, increasing raw_dev->count happens before invoke the raw_queue_event(), if the raw_queue_event() return error, invoke raw... Read more

    Affected Products : linux_kernel
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-62248

    A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.0

    LOW
    CVE-2025-62247

    Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authorization

  • 5.2

    MEDIUM
    CVE-2025-58712

    A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-24934

    Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the ... Read more

    Affected Products : freebsd
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-62611

    aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-62607

    Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value informat... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Information Disclosure

  • 2.1

    LOW
    CVE-2025-62659

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki CookieConsent extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki CookieConsent extension:... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-62606

    my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute ar... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection
Showing 20 of 3723 Results