Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2025-41738

An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition....

Affected Products : control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl control_for_plcnext_sl control_for_raspberry_pi_sl control_for_wago_touch_panels_600_sl control_for_linux_arm_sl +4 more products
Published: Dec. 01, 2025

Modified: Dec. 01, 2025

Vuln Type: Denial of Service
6.0

MEDIUM

CVE-2025-49643

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service....

Affected Products : zabbix
Published: Dec. 01, 2025

Modified: Dec. 01, 2025

Vuln Type: Denial of Service
5.9

MEDIUM

CVE-2025-41739

An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a...

Affected Products : plchandler control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl control_for_plcnext_sl control_for_raspberry_pi_sl control_for_wago_touch_panels_600_sl +1 more products
Published: Dec. 01, 2025

Modified: Dec. 01, 2025

Vuln Type: Race Condition
4.2

MEDIUM

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3....

Affected Products : htcondor
Published: Nov. 30, 2025

Modified: Dec. 01, 2025

Vuln Type: Authentication
5.3

MEDIUM

CVE-2025-13793

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing...

Affected Products :
Published: Nov. 30, 2025

Modified: Dec. 01, 2025

Vuln Type: Cross-Site Scripting
5.0

MEDIUM

CVE-2025-66432

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date....

Affected Products :
Published: Nov. 30, 2025

Modified: Dec. 01, 2025

Vuln Type: Authentication

Showing 20 of 4886 Results

Browse by Apps

Latest CVE Feed

7.5

CVE-2025-41738

6.0

CVE-2025-49643

5.9

CVE-2025-41739

4.2

CVE-2025-66433

5.3

CVE-2025-13793

5.0

CVE-2025-66432

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable