Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.3

    HIGH
    CVE-2025-30185

    Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable data alteration. T... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-59512

    Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 8.5

    HIGH
    CVE-2025-20010

    Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a... Read more

    Affected Products : processor_identification_utility
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Supply Chain

  • 7.8

    HIGH
    CVE-2025-33178

    NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of pr... Read more

    Affected Products : nemo
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.9

    HIGH
    CVE-2025-11696

    A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-12788

    The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and including, 1.1.27. This is due to the plugin accepting client-con... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-8324

    Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.... Read more

    Affected Products : manageengine_analytics_plus
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-11862

    A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-12101

    Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-59509

    Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 7.3

    HIGH
    CVE-2025-7633

    Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-41105

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-41106

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-33029

    Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-12846

    The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass s... Read more

    Affected Products : blocksy_companion
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2025-27246

    Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexi... Read more

    Affected Products : processor_identification_utility
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-41104

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estim... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-25059

    Uncontrolled search path for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-12671

    The WP-Iconics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wp_iconics' shortcode in all versions up to, and including, 0.0.4 due to insufficient input sanitization and output escaping. This makes it po... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-27713

    Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3803 Results