Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.5

HIGH

CVE-2025-60563

D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr....

Affected Products : dir-600l_firmware dir-600l
Published: Oct. 24, 2025

Modified: Oct. 27, 2025

Vuln Type: Memory Corruption
5.3

MEDIUM

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...

Affected Products : perfreeblog
Published: Oct. 24, 2025

Modified: Oct. 27, 2025

Vuln Type: Path Traversal
7.6

HIGH

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function...

Affected Products : perfreeblog
Published: Oct. 24, 2025

Modified: Oct. 27, 2025

Vuln Type: Path Traversal
7.6

HIGH

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function...

Affected Products : perfreeblog
Published: Oct. 24, 2025

Modified: Oct. 27, 2025

Vuln Type: Misconfiguration
7.6

HIGH

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function...

Affected Products : perfreeblog
Published: Oct. 24, 2025

Modified: Oct. 27, 2025
7.5

HIGH

CVE-2025-10497

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially craf...

Affected Products : gitlab
Published: Oct. 27, 2025

Modified: Oct. 27, 2025

Vuln Type: Denial of Service
7.5

HIGH

CVE-2025-11447

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL request...

Affected Products : gitlab
Published: Oct. 27, 2025

Modified: Oct. 27, 2025

Vuln Type: Denial of Service
7.8

HIGH

CVE-2025-24990

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October c...

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products
Actively Exploited

Published: Oct. 14, 2025

Modified: Oct. 27, 2025
7.8

HIGH

CVE-2025-59230

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
Actively Exploited

Published: Oct. 14, 2025

Modified: Oct. 27, 2025
5.5

MEDIUM

CVE-2025-55336

Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products
Published: Oct. 14, 2025

Modified: Oct. 27, 2025
6.1

MEDIUM

CVE-2025-55337

Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 27, 2025
7.5

HIGH

CVE-2025-60339

Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTime parameters....

Affected Products : ac6_firmware ac6
Published: Oct. 22, 2025

Modified: Oct. 27, 2025

Vuln Type: Denial of Service
7.5

HIGH

CVE-2025-60337

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input....

Affected Products : ac6_firmware ac6
Published: Oct. 22, 2025

Modified: Oct. 27, 2025

Vuln Type: Memory Corruption
6.1

MEDIUM

CVE-2025-55757

A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered....

Affected Products : virtuemart
Published: Oct. 25, 2025

Modified: Oct. 27, 2025

Vuln Type: Cross-Site Scripting
5.5

MEDIUM

CVE-2025-53070

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris e...

Affected Products : solaris solaris
Published: Oct. 21, 2025

Modified: Oct. 27, 2025
5.4

MEDIUM

CVE-2025-22175

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist....

Affected Products : jira_align
Published: Oct. 22, 2025

Modified: Oct. 27, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-11154

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users....

Affected Products : idonate
Published: Oct. 27, 2025

Modified: Oct. 27, 2025

Vuln Type: Authorization
6.1

MEDIUM

CVE-2025-55338

Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack....

Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products
Published: Oct. 14, 2025

Modified: Oct. 27, 2025
7.8

HIGH

CVE-2025-55339

Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally....

Affected Products : windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 windows_11_2h2
Published: Oct. 14, 2025

Modified: Oct. 27, 2025
5.5

MEDIUM

CVE-2025-55683

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally....

Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_23h2 windows_server_2025
Published: Oct. 14, 2025

Modified: Oct. 27, 2025

Showing 20 of 4091 Results

Browse by Apps

Latest CVE Feed

7.5

5.3

7.6

7.6

7.6

7.5

7.5

7.8

7.8

5.5

6.1

7.5

7.5

6.1

5.5

5.4

5.4

6.1

7.8

5.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable