Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-13012

    Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-43389

    A privacy issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-12726

    Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60800

    Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.... Read more

    Affected Products : jsherp
    • Published: Oct. 28, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-62947

    Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.3.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-63248

    DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63463

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-11855

    The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the age_restrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary passwo... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63461

    Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : a7000r_firmware a7000r
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-63561

    Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed ... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-12764

    pgAdmin <= 9.9  is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.... Read more

    Affected Products : pgadmin pgadmin_4
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-64359

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through < 6.7.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-64173

    Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to acces... Read more

    Affected Products : apollo_router
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-64360

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion.This issue affects Consulting... Read more

    Affected Products : consulting_elementor_widgets
    • Published: Oct. 31, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-12633

    The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/bookit/v1/commerce/stripe/return' REST API Endpoint in all versions up to, and ... Read more

    Affected Products : bookit
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63465

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-63462

    Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : a7000r_firmware a7000r
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-47866

    Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a ... Read more

    Affected Products : ceph
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-64364

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63551

    A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to ... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 3835 Results