Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-12556

    An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2021-47693

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object edi... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10680

    OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use... Read more

    Affected Products : openvpn
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11911

    A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-53425

    Incorrect Privilege Assignment vulnerability in Dokan, Inc. Dokan dokan-lite allows Privilege Escalation.This issue affects Dokan: from n/a through <= 4.1.2.... Read more

    Affected Products : dokan
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11756

    Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-9428

    Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.... Read more

    Affected Products : manageengine_analytics_plus
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49924

    Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2.... Read more

    Affected Products : wholesale_suite
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-58619

    Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65.... Read more

    Affected Products : falang
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-64109

    Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MC... Read more

    Affected Products : cursor
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-12346

    A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argumen... Read more

    Affected Products : maxsite_cms cms
    • Published: Oct. 28, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-41110

    Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the att... Read more

    Affected Products : vision_60_firmware vision_60
    • Published: Oct. 22, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-62958

    Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts &amp; Pages simple-post-template allows Cross Site Request Forgery.This issue affects Simple Content Templates for Blog Posts &amp; Pages: from n/a ... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-11702

    GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.... Read more

    Affected Products : gitlab
    • Published: Oct. 29, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-64101

    Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to constr... Read more

    Affected Products : zitadel
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-12100

    Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-12261

    A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotel... Read more

    Affected Products : gym_management_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12779

    Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstan... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-12490

    Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. T... Read more

    Affected Products : pfsense
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-9713

    Path traversal in Ivanti Endpoint Manager before version 2024 SU4 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3923 Results