Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-59580

    Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation.This issue affects Goodlayers Core: from n/a through < 2.1.7.... Read more

    Affected Products : goodlayers_core
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11910

    A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-64353

    Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11493

    The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitu... Read more

    Affected Products : automate
    • Published: Oct. 16, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-58718

    Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 8.8

    HIGH
    CVE-2025-11905

    A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploi... Read more

    Affected Products : chancms
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-47902

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.... Read more

    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-61955

    A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker to cross a security boundary.  Note: Software versions which have rea... Read more

    Affected Products : f5os-a f5os-c
    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-62525

    OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This onl... Read more

    Affected Products : openwrt
    • Published: Oct. 22, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-58715

    Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 8.8

    HIGH
    CVE-2025-41110

    Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the att... Read more

    Affected Products : vision_60_firmware vision_60
    • Published: Oct. 22, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-62220

    Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : windows_subsystem_for_linux_gui
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 8.8

    HIGH
    CVE-2025-12238

    A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to... Read more

    Affected Products : automated_voting_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-43505

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.... Read more

    Affected Products : xcode
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-48078

    Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-48083

    Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-49394

    Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and displa... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-12221

    Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    • Published: Oct. 25, 2025
    • Modified: Nov. 07, 2025

  • 8.8

    HIGH
    CVE-2025-12262

    A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. The attack can be launched remotely... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-41719

    A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known de... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4110 Results