Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-41016

    Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms/<ALARM_ID>/<MEDIA>”, where the “MEDIA” parameter can take the value of “... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-41017

    Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras/<CAMERA_ID>/perspective”.... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40213

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to memcpy from badly declared on-stack flexible array. ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-63958

    MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-56400

    Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an at... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.0

    HIGH
    CVE-2025-52538

    Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability.... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-13386

    The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'options_update' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-10646

    The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and including, 2.5.7. This makes it possible for authenticat... Read more

    Affected Products : search_exclude
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-13559

    The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes ... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-12742

    A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-h... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-12003

    A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more i... Read more

    Affected Products : router
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Path Traversal

  • 4.4

    MEDIUM
    CVE-2025-12025

    The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2025-13311

    The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12645

    The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attrib... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-13370

    The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-13405

    The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptb_delete_custom_taxonomy() function in all versions up to, and including, 1.9. This makes it possible f... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13404

    The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate_post() function in all versions up to, and including, 1.2.20. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13389

    The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `get_order_by_id()` function in all versions up to, and including, 14. This ... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-59365

    A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Updat... Read more

    Affected Products : router
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 6.0

    MEDIUM
    CVE-2025-59368

    An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router... Read more

    Affected Products : router
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4540 Results