Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2025-11680

    Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-11625

    Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.... Read more

    Affected Products : wolfssh
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-60511

    Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impers... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-40016

    In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal wi... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-62595

    Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain ci... Read more

    Affected Products : koa
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.1

    HIGH
    CVE-2025-62509

    FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/de... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62672

    rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in librplay/rplay.c, potentially reachable via packet data... Read more

    Affected Products :
    • Published: Oct. 19, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-31342

    An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a m... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 4.0

    MEDIUM
    CVE-2025-57838

    Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : magicos
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2025-57839

    Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : magicos
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-6515

    The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client M... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-41028

    A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 2.9

    LOW
    CVE-2025-57837

    Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Information Disclosure

  • 7.3

    HIGH
    CVE-2025-11940

    A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried o... Read more

    Affected Products :
    • Published: Oct. 19, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-54957

    An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buf... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 8.9

    HIGH
    CVE-2025-60507

    Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. W... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-62249

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 202... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-8884

    Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-61455

    SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authenticatio... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40004

    In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsin... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3660 Results