Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-55082

    In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.... Read more

    Affected Products : threadx_netx_duo threadx_usbx
    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-34254

    D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing acco... Read more

    Affected Products : nuclias_connect
    • Published: Oct. 16, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-54755

    A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-12461

    This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the config... Read more

    Affected Products : epsilon_rh
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-62598

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. T... Read more

    Affected Products : wegia
    • Published: Oct. 21, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-62418

    Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malici... Read more

    Affected Products : bagisto
    • Published: Oct. 16, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-55091

    In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.... Read more

    Affected Products : threadx_netx_duo threadx_usbx
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-55084

    In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.... Read more

    Affected Products : threadx_netx_duo threadx_usbx
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-62414

    Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker with access to the admin create-customer form can inject malicious Jav... Read more

    Affected Products : bagisto
    • Published: Oct. 16, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-62415

    Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted HTML file containing embedded JavaScript. When viewed, the malic... Read more

    Affected Products : bagisto
    • Published: Oct. 16, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-62375

    go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succe... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-60015

    An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    Affected Products : f5os-a f5os-c
    • Published: Oct. 15, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.9

    MEDIUM
    CVE-2025-54461

    ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user.... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-62256

    Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain c... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-62254

    The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does ... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-11915

    Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-34155

    Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to inf... Read more

    Affected Products : aggregate_network_manager
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-34156

    Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resul... Read more

    Affected Products : aggregate_network_manager
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-12552

    Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-12554

    Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3653 Results