Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-55278

    Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired ... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-47151

    A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 9.6

    CRITICAL
    CVE-2025-46784

    A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 9.6

    CRITICAL
    CVE-2025-46705

    A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to tri... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 9.6

    CRITICAL
    CVE-2025-46404

    A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-12779

    Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstan... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-63585

    OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-63334

    PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell ... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-60784

    A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnor... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-59185

    External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 05, 2025

  • 5.3

    MEDIUM
    CVE-2025-59716

    ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail addr... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2025-56231

    Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-49494

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Mishandling of an 5G NRMM packet leads to a Denial of Service.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-59186

    Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 05, 2025

  • 7.8

    HIGH
    CVE-2025-59187

    Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 05, 2025

  • 5.5

    MEDIUM
    CVE-2025-59188

    Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 05, 2025

  • 7.4

    HIGH
    CVE-2025-59189

    Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 05, 2025

  • 8.2

    HIGH
    CVE-2025-60801

    jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.... Read more

    Affected Products : jsherp
    • Published: Oct. 24, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authentication

  • 7.6

    HIGH
    CVE-2025-60424

    A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.... Read more

    Affected Products : fusion
    • Published: Oct. 27, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-60425

    Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.... Read more

    Affected Products : fusion
    • Published: Oct. 27, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 3904 Results