Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2025-10991

    The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 4.0

    MEDIUM
    CVE-2025-10859

    Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs This vulnerability affects Firefox for iOS < 143... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Information Disclosure

  • 9.1

    CRITICAL
    CVE-2024-58040

    Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-10585

    Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Actively Exploited
    • Published: Sep. 24, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-41244

    VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may e... Read more

    • Published: Sep. 29, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-40838

    Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-40837

    Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-40836

    Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-27262

    Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-27261

    Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data.... Read more

    Affected Products :
    • Published: Sep. 25, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-11153

    This vulnerability affects Firefox < 143.0.3.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025

  • 0.0

    NA
    CVE-2025-11152

    This vulnerability affects Firefox < 143.0.3.... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025

  • 6.0

    MEDIUM
    CVE-2025-10217

    A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-58767

    REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or l... Read more

    Affected Products : rexml
    • Published: Sep. 17, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-9993

    The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inc... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-9991

    The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-9948

    The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on the admin settings page. This makes it possible for unauthenticated a... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-9946

    The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-9852

    The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-9762

    The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachments function in all versions up to, and including, 1.0.4b. This makes it possible for unauthenticated attackers to uploa... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Sep. 30, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4331 Results