Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-62728

    SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift A... Read more

    Affected Products : hive
    • Published: Nov. 26, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-13787

    A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management... Read more

    Affected Products : zentao
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-13788

    A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The ... Read more

    Affected Products : chanjet_cms chanjet_crm
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13789

    A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit ha... Read more

    Affected Products : zentao
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-62189

    LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request.... Read more

    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-66059

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-66060

    Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-66061

    Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.... Read more

    Affected Products : seriously_simple_podcasting
    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.2

    HIGH
    CVE-2025-11931

    Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.... Read more

    Affected Products : wolfssl
    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-11932

    The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder... Read more

    Affected Products : wolfssl
    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-59390

    Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is generated using `ThreadLocalRandom`, which is not a cryp... Read more

    Affected Products : druid
    • Published: Nov. 26, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-12888

    Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to... Read more

    Affected Products : wolfssl
    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cryptography

  • 8.1

    HIGH
    CVE-2025-65946

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has bee... Read more

    Affected Products : roo_code
    • Published: Nov. 21, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-12889

    With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.... Read more

    Affected Products : wolfssl
    • Published: Nov. 22, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2025-12877

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized modification od data due to a missing capability check on the panding_blood_request_action() function in all versions up to, and including... Read more

    Affected Products : idonate
    • Published: Nov. 22, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-13545

    A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the argument edit_pa... Read more

    Affected Products : travel-agency
    • Published: Nov. 23, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-13546

    A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument user_query r... Read more

    Affected Products : travel-agency
    • Published: Nov. 23, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-20750

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-20751

    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interacti... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-20752

    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interacti... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6833p mt6835 mt6853 mt6853t +39 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4566 Results