Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-35968

    Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-34283

    Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An authenticated user without API privileges could view another user's or their own API key value.... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-62036

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64167

    Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to a cross-site scripting attack (leading to JS execution) when editing the URL parameter. Versions 2.7.13 and 3.2.2 don't use export.php, which was ... Read more

    Affected Products : itop
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-54721

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through <= 3.0.2.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-34273

    Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deleti... Read more

    Affected Products : log_server
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-62721

    LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks, allowing any authenticated user to access all links, lists,... Read more

    Affected Products : linkace
    • Published: Nov. 04, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-12915

    A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is associate... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-10918

    Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-62041

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.1.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-61084

    MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while ... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-62040

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YOP YOP Poll yop-poll.This issue affects YOP Poll: from n/a through <= 6.5.37.... Read more

    Affected Products : yop_poll
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-59235

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025

  • 7.1

    HIGH
    CVE-2025-62057

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64224

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-55686

    Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 7.0

    HIGH
    CVE-2025-62217

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 7.0

    HIGH
    CVE-2025-55340

    Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 7.0

    HIGH
    CVE-2025-55691

    Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 30, 2025

  • 7.0

    HIGH
    CVE-2025-55690

    Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 30, 2025
Showing 20 of 4141 Results