Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-36091

    IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.... Read more

    Affected Products : cloud_pak_for_business_automation
    • Published: Nov. 03, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-43432

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-43435

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-43429

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-43421

    Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-43384

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-20305

    A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechan... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-20377

    A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of requests to certain API... Read more

    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-12498

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes... Read more

    Affected Products : eventprime
    • Published: Nov. 08, 2025
    • Modified: Nov. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-58183

    tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the ar... Read more

    Affected Products : go
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-62802

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other ... Read more

    Affected Products : dotnetnuke
    • Published: Oct. 28, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-43383

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.... Read more

    Affected Products : macos iphone_os tvos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-43443

    This issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-43458

    This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more

    Affected Products : iphone_os tvos watchos safari ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-49937

    Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2.... Read more

    Affected Products : smash_balloon_social_post_feed
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-11257

    The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authent... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-5605

    An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in p... Read more

    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-58918

    Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery.This issue affects Entrada: from n/a through 5.7.7.... Read more

    Affected Products : entrada
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-12360

    The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax() function in all versions up to, and including, 1.7.7. This makes it possible for authe... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-11976

    The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missin... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 3676 Results