Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-13768

    WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-66252

    Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Denial of Service

  • 9.9

    CRITICAL
    CVE-2025-66255

    Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation all... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authentication

  • 4.4

    MEDIUM
    CVE-2025-64315

    Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-13757

    SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.... Read more

    Affected Products : devolutions_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-13765

    Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.... Read more

    Affected Products : devolutions_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-64334

    Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. T... Read more

    Affected Products : suricata
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-13771

    WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Path Traversal

  • 8.4

    HIGH
    CVE-2025-58303

    UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-13758

    Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.... Read more

    Affected Products : devolutions_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-12559

    Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/c... Read more

    Affected Products : mattermost_server
    • Published: Nov. 27, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 7.7

    HIGH
    CVE-2025-66251

    Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-12653

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-58311

    UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.9

    HIGH
    CVE-2025-66263

    Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_s... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-58304

    Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-66256

    Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-6195

    GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration cond... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-58302

    Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-58312

    Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Authorization
Showing 20 of 3019 Results