Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-37729

    Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava va... Read more

    Affected Products : elastic_cloud_enterprise
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-42910

    Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host... Read more

    Affected Products : supplier_relationship_management
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-42937

    SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and avail... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-9968

    A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to se... Read more

    Affected Products : armoury_crate
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-9902

    Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025.... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-9265

    A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview N... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-9124

    A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault.... Read more

    Affected Products : compact_guardlogix_5370_firmware
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-62364

    text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symboli... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-61775

    Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under cer... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-62244

    Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows re... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62243

    Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers t... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-39964

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Further... Read more

    Affected Products : linux_kernel
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39965

    In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to ... Read more

    Affected Products : linux_kernel
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-11675

    Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more

    Affected Products : enterprise_cloud_database
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-11672

    Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.... Read more

    Affected Products : uniweb\/solipacs_webserver
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-10558

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-61688

    Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API.... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.7

    HIGH
    CVE-2025-9177

    A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash however; this does not impact I/O control or communicati... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 8.6

    HIGH
    CVE-2025-11673

    SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2025-9976

    An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection
Showing 20 of 3802 Results