Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-65084

    An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.... Read more

    Affected Products : cobalt xenon argon lithium cobalt_share
    • Published: Nov. 25, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-29933

    Improper input validation within AMD uProf can allow a local attacker to write out of bounds, potentially resulting in a crash or denial of service... Read more

    Affected Products : uprof
    • Published: Nov. 24, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-48510

    Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.... Read more

    Affected Products : uprof
    • Published: Nov. 24, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-48511

    Improper input validation within AMD uprof can allow a local attacker to write to an arbitrary physical address, potentially resulting in crash or denial of service.... Read more

    Affected Products : uprof
    • Published: Nov. 24, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-64720

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when pr... Read more

    Affected Products : libpng
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-65018

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API fun... Read more

    Affected Products : libpng
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-64506

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit ... Read more

    Affected Products : libpng
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-64505

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when pro... Read more

    Affected Products : libpng
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-62703

    Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-63735

    A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp.... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13386

    The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'options_update' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated atta... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-59372

    A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Up... Read more

    Affected Products : router
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2025-13452

    The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13389

    The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `get_order_by_id()` function in all versions up to, and including, 14. This ... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13404

    The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate_post() function in all versions up to, and including, 1.2.20. This makes it possible for authentica... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13405

    The Ace Post Type Builder plugin for WordPress is vulnerable to unauthorized custom taxonomy deletion due to missing authorization validation on the cptb_delete_custom_taxonomy() function in all versions up to, and including, 1.9. This makes it possible f... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-10646

    The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and including, 2.5.7. This makes it possible for authenticat... Read more

    Affected Products : search_exclude
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63914

    An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared ... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-65951

    Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF a... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-12040

    The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. Thi... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization
Showing 20 of 4921 Results