Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-58769

    auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected appl... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-54110

    Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Sep. 09, 2025
    • Modified: Oct. 01, 2025

  • 0.0

    NA
    CVE-2025-59148

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the entropy keyword when not anchored to a "sticky" buffer, which can lead t... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-56588

    Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-57444

    An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description param... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-59147

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN ... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-60991

    A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-59682

    An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an ... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-59681

    An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted d... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-58055

    Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t autho... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-58054

    Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text edit... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-46205

    A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) via supplying a crafted PDF file.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-43718

    Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::l... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-28357

    A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-10578

    A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-57494

    Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 through v.6.3115 allows a remote attacker to escalate privileges via the kw parameter.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-4993

    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 befor... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.4

    HIGH
    CVE-2025-8410

    Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-52543

    E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.... Read more

    • Published: Sep. 02, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-52544

    E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file sys... Read more

    • Published: Sep. 02, 2025
    • Modified: Oct. 01, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4486 Results