Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-11456

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it po... Read more

    Affected Products : wsdesk
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-10039

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'eh_crm_ticket_single_view_client' due to missing validation on a user contr... Read more

    Affected Products : wsdesk
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-10054

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_remove_agent' function in all versions up to, and including, 3.3.1. This makes... Read more

    Affected Products : wsdesk
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-64027

    Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interf... Read more

    Affected Products : snipe-it
    • Published: Nov. 20, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-62703

    Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-63735

    A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-13565

    A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed... Read more

    • Published: Nov. 23, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-43374

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity... Read more

    Affected Products : macos iphone_os watchos ipados visionos
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-31266

    A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window.... Read more

    Affected Products : macos safari
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-31248

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.5, macOS Sonoma 14.7.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Path Traversal

  • 2.4

    LOW
    CVE-2025-31216

    The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to override managed Wi-Fi profiles.... Read more

    Affected Products : iphone_os ipados
    • Published: Nov. 21, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-65998

    Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This all... Read more

    Affected Products : syncope
    • Published: Nov. 24, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Cryptography

  • 8.0

    HIGH
    CVE-2025-64660

    Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.... Read more

    Affected Products : visual_studio_code
    • Published: Nov. 20, 2025
    • Modified: Nov. 26, 2025

  • 7.5

    HIGH
    CVE-2025-13384

    The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query pa... Read more

    Affected Products : cp_contact_form
    • Published: Nov. 22, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 7.4

    HIGH
    CVE-2025-13132

    This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification (toast) appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake U... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2025-13524

    Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occur... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-0504

    Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator function... Read more

    Affected Products : black_duck_sca
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 2.9

    LOW
    CVE-2025-65111

    SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union reference... Read more

    Affected Products : spicedb
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-65947

    thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the thread_amount function calls CreateToolh... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-13566

    A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached loca... Read more

    Affected Products :
    • Published: Nov. 23, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4568 Results