Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-54323

    An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.... Read more

    • Published: Nov. 04, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-43373

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-54265

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Oct. 14, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-20725

    In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges nee... Read more

    Affected Products : nr15 nr16 lr12a mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 +62 more products
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60338

    Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60571

    D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-54329

    An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a mu... Read more

    • Published: Nov. 04, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-64363

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through < 5.5.0.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-43450

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to learn information about the current camera view before being granted camera access.... Read more

    Affected Products : iphone_os ipados
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-52513

    An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.... Read more

    • Published: Nov. 04, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-60203

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion.This issue affects Store Exporter: from n/a through ... Read more

    Affected Products : store_exporter_for_woocommerce
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-60240

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6.... Read more

    Affected Products : anycomment
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-61120

    AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predic... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-3355

    IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the ... Read more

    Affected Products : tivoli_monitoring
    • Published: Oct. 30, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-32657

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Tes... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-36128

    IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to ca... Read more

    Affected Products : linux_kernel aix solaris mq windows i
    • Published: Oct. 16, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-64284

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a throu... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-61116

    AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as t... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-62789

    Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent ... Read more

    Affected Products : wazuh
    • Published: Oct. 29, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61119

    Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by man... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 3717 Results