Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-63713

    Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to pr... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-57697

    AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-12873

    A security flaw has been discovered in Campcodes School File Management 1.0. This affects an unknown part of the file /admin/update_user.php. Performing manipulation of the argument user_id results in sql injection. It is possible to initiate the attack r... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-12856

    A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit ... Read more

    Affected Products : responsive_hotel_site
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 9.2

    CRITICAL
    CVE-2023-7305

    SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensit... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.6

    CRITICAL
    CVE-2025-46404

    A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger... Read more

    Affected Products : lasso
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 8.2

    HIGH
    CVE-2025-27919

    An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty... Read more

    Affected Products : anydesk
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-27918

    An issue was discovered in AnyDesk before 9.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any t... Read more

    Affected Products : anydesk
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-27917

    An issue was discovered in AnyDesk through 9.0.4. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference.... Read more

    Affected Products : anydesk
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-27916

    An issue was discovered in AnyDesk through 9.0.4. When the connection between two clients is established via an IP address, it is possible to manipulate the data and spoof the AnyDesk ID.... Read more

    Affected Products : anydesk
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-64164

    Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a risk of JNDI injection (Java Naming and Directory Interface injection... Read more

    Affected Products : dataease
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-64163

    DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue i... Read more

    Affected Products : dataease
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.6

    MEDIUM
    CVE-2025-43418

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to a locked device may be able to view sensitive user information.... Read more

    Affected Products : iphone_os ipados
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-31954

    HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access informatio... Read more

    Affected Products : dryice_iautomate
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-30479

    Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.... Read more

    Affected Products : cloudlink
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-43000

    A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.... Read more

    Affected Products : macos iphone_os safari ipados
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-46424

    Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service.... Read more

    Affected Products : cloudlink
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2025-46366

    Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information.... Read more

    Affected Products : cloudlink
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2025-46365

    Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink.... Read more

    Affected Products : cloudlink
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 7.0

    HIGH
    CVE-2025-58725

    Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 07, 2025
Showing 20 of 3924 Results