Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-65085

    A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.... Read more

    Affected Products : cobalt xenon argon lithium cobalt_share
    • Published: Nov. 25, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-65084

    An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.... Read more

    Affected Products : cobalt xenon argon lithium cobalt_share
    • Published: Nov. 25, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-62703

    Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-63735

    A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-59372

    A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Up... Read more

    Affected Products : router
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-12040

    The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. Thi... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13405

    The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptb_delete_custom_taxonomy() function in all versions up to, and including, 1.9. This makes it possible f... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13404

    The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate_post() function in all versions up to, and including, 1.2.20. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-12003

    A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more i... Read more

    Affected Products : router
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-12525

    The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protect... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure

  • 4.4

    MEDIUM
    CVE-2025-12025

    The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13389

    The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `get_order_by_id()` function in all versions up to, and including, 14. This ... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-12586

    The Conditional Maintenance Mode for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation when toggling the maintenance mode status. This makes it p... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-59485

    Incorrect default permissions issue exists in Security Point (Windows) of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Wi... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-62691

    Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SY... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-64693

    Security Point (Windows) of MaLion and MaLionCloud contains a heap-based buffer overflow vulnerability in processing Content-Length. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with S... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-13370

    The ProjectList plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 0.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-12587

    The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to a... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.0

    CRITICAL
    CVE-2025-63729

    An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to exctract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-0248

    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the sec... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4949 Results