Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-63811

    An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.... Read more

    Affected Products : jose2go
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60337

    Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Oct. 22, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60574

    A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retriev... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-60751

    GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-43496

    The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.... Read more

    Affected Products : macos iphone_os watchos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-62658

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-62727

    Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61101

    FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more

    Affected Products : frrouting
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60805

    An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-60333

    TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : n600r_firmware n600r
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-54963

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service proc... Read more

    Affected Products : socet_gxp
    • Published: Oct. 23, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-43469

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-62604

    MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched ... Read more

    Affected Products : metersphere
    • Published: Oct. 22, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-60074

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion.This issue affects Lazy Load Optimizer: from n/a thr... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-43424

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious HID device may cause an unexpected process crash.... Read more

    Affected Products : iphone_os ipados
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-27917

    An issue was discovered in AnyDesk through 9.0.4. Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference.... Read more

    Affected Products : anydesk
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60349

    An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-6176

    Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to... Read more

    Affected Products : scrapy
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-12863

    A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace poin... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-62947

    Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.3.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3730 Results