Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-62626

    Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cryptography

  • 10.0

    CRITICAL
    CVE-2025-65108

    md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code ... Read more

    Affected Products : markdown_to_pdf
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-65092

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG ima... Read more

    Affected Products : esp-idf
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-48507

    The security state of the calling processor into Arm® Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SO... Read more

    Affected Products :
    • Published: Nov. 23, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-11186

    The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookies_accepted shortcode in all versions up to, and including, 2.5.8 due to insufficient input sanitization and output esca... Read more

    • Published: Nov. 22, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12747

    The Tainacan plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via uploaded files marked as private being exposed in wp-content without adequate protection. This makes it possible for unauthenticated a... Read more

    Affected Products : tainacan
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-13317

    The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint (cpabc_appointments_check_IPN_veri... Read more

    Affected Products : appointment_booking_calendar
    • Published: Nov. 22, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-29934

    A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-13526

    The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'wa_order_thank_you_override' function due to missing validation on a user controlled key. This makes it ... Read more

    Affected Products :
    • Published: Nov. 22, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-12800

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : shortcodes_ultimate
    • Published: Nov. 23, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-13384

    The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query pa... Read more

    Affected Products : cp_contact_form
    • Published: Nov. 22, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 2.9

    LOW
    CVE-2025-65111

    SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union reference... Read more

    Affected Products : spicedb
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2024-21922

    A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.... Read more

    Affected Products :
    • Published: Nov. 23, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-41115

    SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabl... Read more

    Affected Products : grafana
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authentication

  • 7.4

    HIGH
    CVE-2025-13132

    This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification (toast) appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake U... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-12973

    The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2025-13524

    Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occur... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-65947

    thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the thread_amount function calls CreateToolh... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-64483

    Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollm... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-13470

    In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encryp... Read more

    Affected Products : rnp
    • Published: Nov. 21, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cryptography
Showing 20 of 4554 Results