Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-12636

    The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds ... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-52565

    runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/... Read more

    Affected Products : runc
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-10968

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.This issue affects PaperWork: fr... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12490

    Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. T... Read more

    Affected Products : pfsense
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-12486

    Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to ... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2022-50596

    D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privi... Read more

    Affected Products : suitecrm dir-1260_firmware
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-34241

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure... Read more

    Affected Products : webaccess\/vpn
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2022-50591

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to t... Read more

    Affected Products : iview
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-63690

    In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type S... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2022-50592

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ param... Read more

    Affected Products : iview
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-64435

    KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher ... Read more

    Affected Products : kubevirt
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2022-50590

    SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects... Read more

    Affected Products : suitecrm
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-64184

    Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is prope... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-4519

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for ... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-64437

    KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the owne... Read more

    Affected Products : kubevirt
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-64179

    lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sen... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-34246

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosur... Read more

    Affected Products : webaccess\/vpn
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-34244

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to di... Read more

    Affected Products : webaccess\/vpn
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-34242

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of d... Read more

    Affected Products : webaccess\/vpn
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-34237

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker t... Read more

    Affected Products : webaccess\/vpn
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3678 Results