Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-58147

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs... Read more

    Affected Products : xen
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-12938

    A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be ini... Read more

    Affected Products : online_admission_system
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63466

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-63468

    Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-43468

    A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-62232

    Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been f... Read more

    Affected Products : apisix
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-57106

    Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.... Read more

    Affected Products : vtk
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-43405

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-13169

    A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /add_query_reserve.php. Such manipulation of the argument room_id leads to sql injection. The attac... Read more

    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63454

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products : ax3_firmware ax3
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60201

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a throug... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-11735

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lac... Read more

    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-65002

    Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-60561

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60559

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60552

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60551

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-43500

    A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : iphone_os watchos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-63811

    An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.... Read more

    Affected Products : jose2go
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-60549

    D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.... Read more

    Affected Products : dir-600l_firmware dir-600l
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3729 Results