Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2025-64773

    In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit... Read more

    Affected Products : youtrack
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Race Condition

  • 7.5

    HIGH
    CVE-2025-13025

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-11959

    Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality M... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-13017

    Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.... Read more

    Affected Products : firefox firefox_esr
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 8.4

    HIGH
    CVE-2025-11862

    A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-12101

    Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-59504

    Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.... Read more

    Affected Products : azure_monitor
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 6.7

    MEDIUM
    CVE-2025-8108

    An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP appl... Read more

    Affected Products : axis_os
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-12668

    The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wp_countdown_timer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-13021

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.... Read more

    Affected Products : firefox
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 7.0

    HIGH
    CVE-2025-59506

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 7.8

    HIGH
    CVE-2025-33178

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of pr... Read more

    Affected Products : nemo
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-41106

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.9

    HIGH
    CVE-2025-11697

    A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administra... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-41104

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estim... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-41105

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-20614

    External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a low compl... Read more

    Affected Products : computing_improvement_program
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-59510

    Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 8.9

    HIGH
    CVE-2025-11696

    A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.3

    HIGH
    CVE-2025-10161

    Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentica... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 4132 Results