Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-54901

    Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 01, 2025

  • 7.8

    HIGH
    CVE-2025-54902

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 01, 2025

  • 8.8

    HIGH
    CVE-2025-54113

    Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 01, 2025

  • 6.2

    MEDIUM
    CVE-2025-59149

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack ... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-59148

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead t... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-59147

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN ... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-58769

    auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected appl... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-57444

    An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description param... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57254

    An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly s... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-56676

    TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log in as another user, due to improper validation of token-user linkage. This... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-56588

    Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-56520

    Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-56301

    An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-56207

    A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer NFTs to the zero address, leading to permanent as... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-55797

    An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-43718

    Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::l... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 7.0

    HIGH
    CVE-2025-54112

    Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 01, 2025

  • 7.8

    HIGH
    CVE-2025-54111

    Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 01, 2025

  • 8.8

    HIGH
    CVE-2025-54110

    Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 01, 2025

  • 8.8

    HIGH
    CVE-2025-60991

    A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4492 Results