Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-62716

    Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This resul... Read more

    Affected Products : plane
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-46183

    The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution or other malicious behavior on the targ... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-5605

    An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in p... Read more

    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-12136

    The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-wit... Read more

    Affected Products : wordpress_real_cookie_banner
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-11257

    The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authent... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-10874

    The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-62236

    The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-12044

    Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-... Read more

    Affected Products : vault
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-6980

    Captive Portal can expose sensitive information... Read more

    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-23352

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-10579

    The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible ... Read more

    Affected Products : backwpup
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2025-23332

    NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 8.1

    HIGH
    CVE-2025-11621

    Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault... Read more

    Affected Products : vault
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-9978

    The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-11760

    The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress is vulnerable to exposure of sensitive information in all versions up to, and including, 1.5.6. This is due to the plugin exposing Zoom SDK secret keys in cli... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-11255

    The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppm_ajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible ... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-62714

    Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g.,... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-5350

    SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side requ... Read more

    Affected Products : api_manager identity_server
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-11504

    The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0.0.9 to 0.1.17 through the /wp-content/plugins/quickcreator/dupasrala.txt file. This makes it possible for unauthenticated attackers to vie... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-62169

    OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enfo... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authentication
Showing 20 of 4018 Results