Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40088

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ==============================================... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40089

    In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be pas... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.8

    MEDIUM
    CVE-2025-60898

    An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpo... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.3

    CRITICAL
    CVE-2025-53883

    A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x86_64/server:latest: f... Read more

    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-10317

    Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defin... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-11587

    The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it p... Read more

    Affected Products : call_now_button
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-11632

    The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.5.4. This makes it possible f... Read more

    Affected Products : call_now_button
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-61161

    DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary code or escalate privilege... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-61429

    An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2018-25120

    D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses s... Read more

    Affected Products : dns-343_sharecenter
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40102

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized ye... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40103

    In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to... Read more

    Affected Products : linux_kernel
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025

  • 6.4

    MEDIUM
    CVE-2025-12475

    The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products : blocksy_companion
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-12142

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.... Read more

    Affected Products : terra_ac_wallbox
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-62776

    The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11202

    win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit th... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-54548

    On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)... Read more

    Affected Products : danz_monitoring_fabric
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-10928

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.... Read more

    Affected Products : drupal access_code
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2025-10636

    The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-10930

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.... Read more

    Affected Products : drupal
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 3964 Results