Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-53070

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris e... Read more

    Affected Products : solaris solaris
    • Published: Oct. 21, 2025
    • Modified: Oct. 27, 2025

  • 5.5

    MEDIUM
    CVE-2025-43499

    This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-46602

    Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... Read more

    Affected Products : supportassist_os_recovery
    • Published: Oct. 27, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-59229

    Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 28, 2025

  • 5.5

    MEDIUM
    CVE-2025-54275

    Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to crash the application or make it unavailable. Exploita... Read more

    Affected Products : substance_3d_viewer
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-53061

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with net... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 5.5

    MEDIUM
    CVE-2025-60359

    radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.... Read more

    Affected Products : radare2
    • Published: Oct. 17, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-10406

    The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks.... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-43477

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-59211

    Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025

  • 5.5

    MEDIUM
    CVE-2025-61554

    A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access.... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-10651

    The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'order_mail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the order_mail field and a lack of escaping on out... Read more

    Affected Products : welcart_e-commerce
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-55325

    Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 23, 2025

  • 5.5

    MEDIUM
    CVE-2025-43446

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to modify protected parts of the file system.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-12245

    A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin v... Read more

    Affected Products : chatwoot
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-59204

    Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025

  • 5.5

    MEDIUM
    CVE-2025-55676

    Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 5.5

    MEDIUM
    CVE-2025-12206

    A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may b... Read more

    Affected Products : kamailio
    • Published: Oct. 27, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-11941

    A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path travers... Read more

    Affected Products :
    • Published: Oct. 19, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-59190

    Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025
Showing 20 of 4005 Results