Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-60022

    Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-13276

    A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possi... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-11267

    The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_veu_custom_css' parameter in all versions up to, and including, 9.112.1. This is due to insufficient input sanitization and output escaping on the... Read more

    Affected Products : vk_all_in_one_expansion_unit
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-41733

    The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 9.0

    CRITICAL
    CVE-2025-9501

    The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-63917

    PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbit... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: XML External Entity

  • 7.2

    HIGH
    CVE-2025-4212

    The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-36118

    IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.... Read more

    Affected Products : storage_virtualize
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-12404

    The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeit_conf() function. This makes it possible for unauthenticated attacker... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-12974

    The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-40545

    SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authenticat... Read more

    Affected Products : observability_self-hosted
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-65073

    OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.... Read more

    Affected Products : keystone
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2025-10089

    Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application (IR) all versions, MILCO.S Easy Setting Application (IR) all versions, an... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-13088

    The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab() function. ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-13193

    A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.... Read more

    Affected Products : libvirt
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.2

    LOW
    CVE-2025-65083

    GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from t... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.4

    HIGH
    CVE-2025-58407

    Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.... Read more

    Affected Products : ddk
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Race Condition

  • 6.4

    MEDIUM
    CVE-2025-12823

    The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-12528

    The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the format_classic function. This is due to insufficient file type validation where the validate_classic method validates file e... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-41735

    A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3919 Results