Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-6990

    The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the `TH_PhpCode` pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators.... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-6988

    The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This m... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-29270

    Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-64168

    Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and ... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Race Condition

  • 9.8

    CRITICAL
    CVE-2025-8489

    The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that us... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-12507

    The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.... Read more

    Affected Products : _connect.brain
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-11761

    A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-12623

    A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-12657

    The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.... Read more

    Affected Products : mongodb
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-11816

    The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disconnect_account_request() function in all vers... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-11174

    The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dll_load_posts which returns a JSON table of document dat... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-48396

    Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-48397

    The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-40107

    In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in co... Read more

    Affected Products : linux_kernel
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-11983

    The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified i... Read more

    Affected Products :
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 9.2

    CRITICAL
    CVE-2025-64385

    The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has ... Read more

    Affected Products : tcprs1plus
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-8385

    The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zf_get_file_by_url function. This makes it possible for authenticated attackers, with subscri... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-64387

    The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on... Read more

    Affected Products : tcprs1plus
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-40106

    In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if cha... Read more

    Affected Products : linux_kernel
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-11602

    Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3681 Results