Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-59048

    OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS ac... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-62893

    Authorization Bypass Through User-Controlled Key vulnerability in mediavine Create by Mediavine mediavine-create allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Create by Mediavine: from n/a through <= 1.9.14.... Read more

    Affected Products : create
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-12497

    The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to i... Read more

    Affected Products : auxinportfolio
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-62964

    Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.4.... Read more

    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-13017

    Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-11959

    Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality M... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-13018

    Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-59558

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-11521

    The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This mak... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-12295

    A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be la... Read more

    Affected Products : dap-2695_firmware dap-2695
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Cryptography

  • 8.1

    HIGH
    CVE-2025-61751

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vuln... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 8.1

    HIGH
    CVE-2025-21079

    Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : members
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.1

    HIGH
    CVE-2025-62518

    astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-12283

    A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public... Read more

    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-12615

    A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack ma... Read more

    Affected Products : news_portal news_portal_project
    • Published: Nov. 03, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cryptography

  • 8.1

    HIGH
    CVE-2025-64685

    In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure... Read more

    Affected Products : youtrack
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-62610

    Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / tok... Read more

    Affected Products : hono
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-58955

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Karzo: from n/a through < 2.6.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-10488

    The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listing_action AJAX action in all versions up to, and includin... Read more

    Affected Products : directorist
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-9133

    A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series fir... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025
Showing 20 of 3839 Results