Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-11820

    The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attribut... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12192

    The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated atta... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-12677

    The KiotViet Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the register_api_route() function in kiotvietsync/includes/public_actions/WebHookAction.php. This makes it possible for ... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-11749

    The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible f... Read more

    Affected Products : ai_engine
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-20305

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechan... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-10873

    The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_addons_for_elementor_forms_send_form action.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-61304

    OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-64151

    Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-12745

    A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The ex... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-11162

    The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escapi... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61431

    A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser vi... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12676

    The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This mak... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-20289

    Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-64320

    Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.... Read more

    Affected Products : agentforce_vibes_extension
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2025-59596

    CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet... Read more

    Affected Products : secure_access
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-62507

    Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is f... Read more

    Affected Products : redis
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-55108

    The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE: The vendor believes t... Read more

    Affected Products : control-m\/agent
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-12197

    The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-56230

    Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-31133

    runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-m... Read more

    Affected Products : runc
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3727 Results