Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-56219

    Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.... Read more

    Affected Products : signinghub
    • Published: Oct. 20, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-41724

    An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests. The wscserver process will not be restarted by a watchdog and a device reboot is necessary to make it work again.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60331

    D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60334

    TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60563

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60335

    A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61102

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more

    Affected Products : frrouting
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-43447

    The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : iphone_os watchos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60561

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-12277

    A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argument Email causes sql injection. The attack is possible t... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-12276

    A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in information disclosure. The attack can be executed ... Read more

    Affected Products : learnhouse
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-11704

    The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the `elegance-menu` shortcode. This makes it possible for authenticated attackers, with Contributor... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-8416

    The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient pr... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-58188

    Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.... Read more

    Affected Products : go
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60751

    GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60332

    A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products : dir-823g_firmware dir-823g
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-62585

    Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.... Read more

    Affected Products : whale
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-9954

    Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.... Read more

    Affected Products : drupal
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63422

    Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request.... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-31996

    HCL Unica Platform is affected by unprotected files due to improper access controls.  These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or... Read more

    Affected Products : unica
    • Published: Oct. 13, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3703 Results