Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-61928

    Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` rou... Read more

    Affected Products : better_auth
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 4.6

    MEDIUM
    CVE-2025-21063

    Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.... Read more

    Affected Products : voice_recorder
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-35051

    Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the rec... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 6.6

    MEDIUM
    CVE-2025-21065

    Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-11449

    ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially cr... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59997

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attac... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59992

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Secure Console page that, when visited by another user, enables the attac... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59989

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Discovery page that, when visited by another user, enables the att... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59988

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the atta... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59983

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the atta... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-59967

    A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 devices allows an unauthenticated, adjacent attacker to cause a Den... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-52961

    An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 4.7

    MEDIUM
    CVE-2025-10281

    BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL.... Read more

    Affected Products :
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-59964

    A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is ... Read more

    Affected Products : junos
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-59957

    An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete co... Read more

    Affected Products : junos
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-52960

    A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). W... Read more

    Affected Products : junos
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-59980

    An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" o... Read more

    Affected Products : junos
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-59995

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attac... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59999

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the ... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-60010

    A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by us... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication
Showing 20 of 3916 Results