Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-37140

    Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully cons... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.0

    MEDIUM
    CVE-2025-37139

    A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by rep... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-37138

    An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-37137

    Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary ... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-37136

    Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary ... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-37135

    Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary ... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-37134

    An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user o... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-37133

    An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user o... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-37132

    An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary fi... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-9626

    The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the admin_process_widget_page_change function. This makes it possible for... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.9

    MEDIUM
    CVE-2025-9950

    The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level acce... Read more

    Affected Products : error_log_viewer
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-11628

    A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument produc... Read more

    Affected Products :
    • Published: Oct. 12, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 2.4

    LOW
    CVE-2025-8606

    The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activate_plugin and deactivate_plugin functions.... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.4

    HIGH
    CVE-2025-11666

    A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded ... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-6439

    The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdp_save_canvas_design_ajax' function in... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-11606

    A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The attack is possi... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-10190

    The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-11651

    A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-11655

    A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be i... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-10129

    The WordPress Live Webcam Widget & Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3675 Results