Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-13022

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13027

    Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13021

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13023

    Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2017-20210

    Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.... Read more

    Affected Products : photo_station
    • Published: Nov. 11, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12813

    The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. Thi... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11457

    The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting t... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-11170

    The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-39463

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-48086

    Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-39466

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-12735

    The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12868

    New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website.... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-12866

    EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password.... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-47151

    A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr&#39;ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to... Read more

    Affected Products : lasso
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12603

    /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    • Published: Nov. 01, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-64163

    DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue i... Read more

    Affected Products : dataease
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-8324

    Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.... Read more

    Affected Products : manageengine_analytics_plus
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12352

    The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to uplo... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-3356

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append t... Read more

    Affected Products : tivoli_monitoring
    • Published: Oct. 30, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3671 Results