Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-50949

    FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.... Read more

    Affected Products : fontforge
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-50951

    FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.... Read more

    Affected Products : fontforge
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-60837

    A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.... Read more

    Affected Products : mcms
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-59275

    Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 7.8

    HIGH
    CVE-2025-59277

    Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 7.8

    HIGH
    CVE-2025-59278

    Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 7.0

    HIGH
    CVE-2025-59282

    Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 5.5

    MEDIUM
    CVE-2025-59284

    Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 7.0

    HIGH
    CVE-2025-59285

    Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : azure_monitor_agent
    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 5.3

    MEDIUM
    CVE-2025-59288

    Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.... Read more

    Affected Products : playwright
    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 7.5

    HIGH
    CVE-2025-12055

    HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Wind... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 9.9

    CRITICAL
    CVE-2025-34267

    Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm e... Read more

    Affected Products : flowise
    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-55081

    In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case o... Read more

    Affected Products : threadx_netx_duo threadx_usbx
    • Published: Oct. 15, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-12233

    A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The expl... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-12234

    A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-12235

    A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow. The attack must originate from the local network. The e... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-12236

    A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The ... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12237

    A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exp... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12238

    A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to... Read more

    Affected Products : automated_voting_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-11646

    A vulnerability was detected in Tomofun Furbo 360 and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in improper access controls. The attack can only be performed from the local network. The exp... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization
Showing 20 of 4186 Results