Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-22176

    Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view audit log items.... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 5.2

    MEDIUM
    CVE-2025-57848

    A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execu... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2025-54983

    A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2025-12943

    Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to t... Read more

    Affected Products : rax30_firmware
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2025-58712

    A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-64716

    Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redir... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-13181

    A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotel... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-34318

    IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the TLS_HOSTNAME, UPSTREAM_USER, UPSTREAM_PASSWORD, ADMIN_MAIL_ADDR... Read more

    Affected Products : ipfire
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-54966

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information.... Read more

    Affected Products : socet_gxp
    • Published: Oct. 23, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-36136

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still st... Read more

    Affected Products : db2
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 5.1

    MEDIUM
    CVE-2025-60685

    A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using ssca... Read more

    Affected Products : a720r_firmware a720r
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-10348

    URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. T... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-12923

    A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be lau... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-34247

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure o... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-34135

    Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-13058

    A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is iden... Read more

    Affected Products : extplorer
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-13180

    A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in b... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-13182

    A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The expl... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-43024

    A GUI dialog of an application allows to view what files are in the file system without proper authorization.... Read more

    Affected Products : thinpro_8.1
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2025-40681

    Cross-site Scripting (XSS) vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. ... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3724 Results