Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11200

    MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific fla... Read more

    Affected Products : mlflow
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-12305

    A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack ca... Read more

    Affected Products : shiyi-blog
    • Published: Oct. 27, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-60803

    Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-12602

    /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    • Published: Nov. 01, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-54539

    A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious ser... Read more

    Affected Products : activemq_nms_amqp
    • Published: Oct. 16, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-47588

    Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Code Injection.This issue affects Dynamic Pricing With Discount Rules for WooCommerce: fr... Read more

    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12208

    A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be car... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-6440

    The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all v... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-60220

    Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-60214

    Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through <= 1.2.1.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-62586

    OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.... Read more

    Affected Products : foiaxpress
    • Published: Oct. 16, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-60039

    Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-43995

    Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authe... Read more

    • Published: Oct. 24, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-10850

    The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' functio... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-60221

    Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-10742

    The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system ... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-58963

    Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-10041

    The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr_code_to_db() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacke... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-62023

    Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-34515

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recomme... Read more

    • Published: Oct. 16, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 4132 Results