Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.9

    CRITICAL
    CVE-2025-55343

    Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usua_codi, anexos_lista.php radi_temp, Administracion/listas/formArea_ajax.php codDepe, Administrac... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-55315

    Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.... Read more

    Affected Products : asp.net_core visual_studio_2022
    • Published: Oct. 14, 2025
    • Modified: Oct. 28, 2025

  • 9.9

    CRITICAL
    CVE-2025-0987

    Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103.... Read more

    Affected Products : cvland
    • Published: Nov. 03, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-48983

    A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Oct. 31, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-54469

    A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer con... Read more

    Affected Products : neuvector
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-7328

    Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifi... Read more

    Affected Products : 1783-natr_firmware 1783-natr
    • Published: Oct. 14, 2025
    • Modified: Oct. 29, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-58428

    The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This c... Read more

    Affected Products : tls4b_automatic_tank_gauge_system
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-10020

    Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.... Read more

    Affected Products : manageengine_admanager_plus
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-47699

    Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue aff... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 9.9

    CRITICAL
    CVE-2025-62645

    The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.... Read more

    • Published: Oct. 17, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-6950

    An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an ... Read more

    Affected Products : tn-4900_firmware
    • Published: Oct. 17, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-13032

    Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Memory Corruption

  • 9.9

    CRITICAL
    CVE-2025-62650

    The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.... Read more

    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-49708

    Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 23, 2025

  • 9.9

    CRITICAL
    CVE-2025-34267

    Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm e... Read more

    Affected Products : flowise
    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-62065

    Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5.... Read more

    Affected Products : romethemekit_for_elementor
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.9

    CRITICAL
    CVE-2025-62016

    Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12813

    The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. Thi... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11457

    The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting t... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-11170

    The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Authentication
Showing 20 of 3923 Results