Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-52512

    An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-47776

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientifi... Read more

    Affected Products : mantisbt
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2025-3125

    An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlle... Read more

    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-59716

    ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail addr... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-21079

    Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.... Read more

    Affected Products : members
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.4

    HIGH
    CVE-2025-54526

    Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-64322

    Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.... Read more

    Affected Products : agentforce_vibes_extension
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 9.9

    CRITICAL
    CVE-2025-63601

    Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-54331

    An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-55108

    The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled (i.e. in the default configuration). NOTE: The vendor believes t... Read more

    Affected Products : control-m\/agent
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 9.6

    CRITICAL
    CVE-2025-46705

    A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to tri... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-11987

    The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products : visual_link_preview
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-12675

    The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig() function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with ... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-21075

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-64114

    ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin... Read more

    Affected Products : clipbucket
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-53245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through <= 1.2.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-62014

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok.This issue affects ITok: from n/a through <= 1.1.42.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-58595

    Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-48077

    Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-64224

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3903 Results