Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-62252

    Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported ver... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-62363

    yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write acc... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-42906

    SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configu... Read more

    Affected Products : commerce_cloud
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-10552

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-61775

    Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under cer... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-62244

    Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows re... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-9066

    A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service.... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: XML External Entity

  • 5.3

    MEDIUM
    CVE-2025-62243

    Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers t... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39964

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Further... Read more

    Affected Products : linux_kernel
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39965

    In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-42939

    SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker c... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-9437

    A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Ob... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-46581

    ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges.... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-9177

    A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communicati... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 2.9

    LOW
    CVE-2025-62366

    mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated co... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-11548

    A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-62157

    Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-contr... Read more

    Affected Products : argo_workflows
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-41718

    A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-41699

    An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of ... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-62246

    Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3915 Results