Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-54292

    Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-54291

    Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-54290

    Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.4

    HIGH
    CVE-2025-54289

    Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-54288

    Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device info... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-54287

    Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 t... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-54286

    Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-9697

    The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-9587

    The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-61692

    VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-61691

    VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-61690

    KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-58777

    VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-58776

    KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-58775

    KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-11221

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not Properly Constrained by ACLs.This issue af... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-11182

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1.... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-11020

    An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects ... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-61588

    RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to ... Read more

    Affected Products :
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-61583

    TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where mal... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4492 Results