Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-41067

    Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and render... Read more

    Affected Products : open5gs open5gs
    • Published: Oct. 27, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-64171

    MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which allows users to bypass RBAC and access secrets ... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-22167

    This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2023-7322

    Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the AP... Read more

    Affected Products : log_server
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-41345

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasByI... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-59171

    Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-49145

    Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback sig... Read more

    Affected Products : itop
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-62614

    BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thu... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-41343

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-41341

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenu... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-41335

    A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.... Read more

    Affected Products : canaldenuncia.app
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-64431

    Zitadel is an open source identity management platform. Versions 4.0.0-rc.1 through 4.6.2 are vulnerable to secure Direct Object Reference (IDOR) attacks through its V2Beta API, allowing authenticated users with specific administrator roles within one org... Read more

    Affected Products : zitadel
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2023-7327

    Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with t... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2022-4985

    Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remo... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-34240

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclos... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-34242

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of d... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-11892

    An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege escalation and unauthorized workflow triggers. Successful e... Read more

    Affected Products : enterprise_server
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-48044

    Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from... Read more

    Affected Products : ash
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-34280

    Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger co... Read more

    Affected Products : network_analyzer
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-34293

    GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR) vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive ... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization
Showing 20 of 3808 Results