Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.5

MEDIUM

CVE-2025-59188

Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2012_r2 windows_server_2025
Published: Oct. 14, 2025

Modified: Nov. 05, 2025
5.5

MEDIUM

CVE-2025-62209

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_23h2 +3 more products
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
5.5

MEDIUM

CVE-2025-43397

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause a denial-of-service....

Affected Products : macos
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Denial of Service
5.5

MEDIUM

CVE-2025-43378

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access sensitive user data....

Affected Products : macos
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Authorization
5.5

MEDIUM

CVE-2025-10874

The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a...

Affected Products :
Published: Oct. 24, 2025

Modified: Oct. 27, 2025

Vuln Type: Server-Side Request Forgery
5.5

MEDIUM

CVE-2025-62208

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 windows_server_23h2 +3 more products
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
5.5

MEDIUM

CVE-2025-55695

Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products
Published: Oct. 14, 2025

Modified: Oct. 30, 2025
5.5

MEDIUM

CVE-2025-61554

A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access....

Affected Products :
Published: Oct. 16, 2025

Modified: Oct. 21, 2025

Vuln Type: Denial of Service
5.5

MEDIUM

CVE-2025-43288

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7. An app may be able to bypass Privacy preferences....

Affected Products : macos
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Path Traversal
5.5

MEDIUM

CVE-2025-61155

Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests....

Affected Products :
Published: Oct. 28, 2025

Modified: Oct. 30, 2025

Vuln Type: Denial of Service
5.5

MEDIUM

CVE-2025-59190

Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products
Published: Oct. 14, 2025

Modified: Oct. 17, 2025
5.5

MEDIUM

CVE-2025-48430

Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (M...

Affected Products :
Published: Oct. 23, 2025

Modified: Oct. 27, 2025

Vuln Type: Denial of Service
5.5

MEDIUM

CVE-2025-60706

Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 windows_11_24h2 +2 more products
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
5.5

MEDIUM

CVE-2025-60359

radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new....

Affected Products : radare2
Published: Oct. 17, 2025

Modified: Oct. 23, 2025

Vuln Type: Memory Corruption
5.5

MEDIUM

CVE-2025-43334

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data....

Affected Products : macos
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Authorization
5.5

MEDIUM

CVE-2025-59240

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally....

Affected Products : 365_apps excel_2016 office_2024 office_2021 office_2019
Published: Nov. 11, 2025

Modified: Nov. 12, 2025
5.5

MEDIUM

CVE-2025-59184

Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2025
Published: Oct. 14, 2025

Modified: Nov. 07, 2025
5.5

MEDIUM

CVE-2025-43348

A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may bypass Gatekeeper checks....

Affected Products : macos
Published: Nov. 04, 2025

Modified: Nov. 04, 2025

Vuln Type: Authentication
5.5

MEDIUM

CVE-2025-43335

The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data....

Affected Products : macos
Published: Nov. 04, 2025

Modified: Nov. 05, 2025

Vuln Type: Information Disclosure
5.4

MEDIUM

CVE-2011-10040

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbit...

Affected Products : nagios_xi xi
Published: Oct. 30, 2025

Modified: Nov. 06, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 4136 Results

Browse by Apps

Latest CVE Feed

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.5

5.4

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable