Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.6

HIGH

CVE-2025-64293

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection.This issue affects 0 Day Analytics: from n/a through 4.0.0....

Affected Products :
Published: Nov. 12, 2025

Modified: Nov. 12, 2025

Vuln Type: Injection
7.8

HIGH

CVE-2025-60720

Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
8.6

HIGH

CVE-2025-40815

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE...

Affected Products :
Published: Nov. 11, 2025

Modified: Nov. 12, 2025

Vuln Type: Memory Corruption
4.3

MEDIUM

CVE-2025-12732

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting() function in all versions up to, and including, 7.33. This ...

Affected Products :
Published: Nov. 12, 2025

Modified: Nov. 12, 2025

Vuln Type: Authorization
7.0

HIGH

CVE-2025-59515

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
8.0

HIGH

CVE-2025-60715

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
7.5

HIGH

CVE-2025-12903

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due...

Affected Products :
Published: Nov. 12, 2025

Modified: Nov. 12, 2025

Vuln Type: Authorization
7.1

HIGH

CVE-2025-60726

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally....

Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
7.0

HIGH

CVE-2025-62213

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
7.8

HIGH

CVE-2025-62200

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally....

Affected Products : 365_apps excel_2016 office_2024 office_2021 office_2019
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
6.9

MEDIUM

CVE-2025-11566

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different creden...

Affected Products :
Published: Nov. 12, 2025

Modified: Nov. 12, 2025

Vuln Type: Authentication
0.0

NA

CVE-2025-40130

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the cal...

Affected Products : linux_kernel
Published: Nov. 12, 2025

Modified: Nov. 12, 2025

Vuln Type: Race Condition
8.7

HIGH

CVE-2025-62210

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network....

Affected Products : dynamics_365
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
2.1

LOW

CVE-2025-3717

When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being us...

Affected Products :
Published: Nov. 11, 2025

Modified: Nov. 12, 2025

Vuln Type: Authorization
7.8

HIGH

CVE-2025-60718

Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally....

Affected Products : windows_11_24h2 windows_11_25h2
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
6.3

MEDIUM

CVE-2025-60723

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
7.8

HIGH

CVE-2025-60713

Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_23h2 windows_server_2025
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
7.3

HIGH

CVE-2025-11567

CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured....

Affected Products :
Published: Nov. 12, 2025

Modified: Nov. 12, 2025

Vuln Type: Misconfiguration
7.0

HIGH

CVE-2025-60716

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
0.0

NA

CVE-2025-40172

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Currently, if find_and_map_user_pages() takes a DMA xfer request from the user with a length field set to 0, or in...

Affected Products : linux_kernel
Published: Nov. 12, 2025

Modified: Nov. 12, 2025

Vuln Type: Misconfiguration

Showing 20 of 3773 Results

Browse by Apps

Latest CVE Feed

7.6

7.8

8.6

4.3

7.0

8.0

7.5

7.1

7.0

7.8

6.9

0.0

8.7

2.1

7.8

6.3

7.8

7.3

7.0

0.0

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable