Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-61756

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily expl... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 7.5

    HIGH
    CVE-2025-60343

    Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2... Read more

    Affected Products : ac6_firmware ac6
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-13237

    A security flaw has been discovered in itsourcecode Inventory Management System 1.0. Affected is an unknown function of the file /LogSignModal.PHP. The manipulation of the argument U_USERNAME results in sql injection. The attack can be launched remotely. ... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 16, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-60201

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a throug... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-60335

    A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60334

    TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-13235

    A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument user_email can lead to sql injection. It is possible to launch the attack... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 16, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63465

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-61106

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more

    Affected Products : frrouting
    • Published: Oct. 28, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-53050

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with net... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 7.5

    HIGH
    CVE-2025-52513

    An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.... Read more

    • Published: Nov. 04, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-64359

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through < 6.7.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-60191

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmer... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-61141

    sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63561

    Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed ... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-58629

    Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0.9.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-10861

    The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4. This is due to insufficient validation on... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-13012

    Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-61498

    A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet.... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60074

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion.This issue affects Lazy Load Optimizer: from n/a thr... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3712 Results