Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2021-4464

    FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 by... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 3.8

    LOW
    CVE-2025-64170

    sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this h... Read more

    Affected Products : sudo
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-40206

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2017-20211

    UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without suf... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2022-4983

    TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2023-7329

    Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2023-7326

    The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper i... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-12048

    An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.... Read more

    Affected Products : scanner_pro
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40182

    In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg") introduced cra_reqsize field in crypto_alg struct to replace type specific reqsi... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40191

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault eve... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-13042

    Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-63419

    Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.0

    MEDIUM
    CVE-2025-12047

    A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.... Read more

    Affected Products : scanner_pro
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.0

    HIGH
    CVE-2025-61667

    The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-script... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40188

    In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will b... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40197

    In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025

  • 6.5

    MEDIUM
    CVE-2025-64262

    Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through <= 3.0.0.... Read more

    Affected Products : auto_prune_posts
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-64710

    Bitplatform Boilerplate is a Visual studio and .NET project template. Versions prior to 9.11.3 are affected by a cross-site scripting (XSS) vulnerability in the WebInteropApp/WebAppInterop, potentially allowing attackers to inject malicious scripts that c... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-64265

    Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.2.... Read more

    Affected Products : frontend_file_manager
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11923

    The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST AP... Read more

    Affected Products : lifterlms
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authorization
Showing 20 of 3690 Results