Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-60852

    A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue co... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13269

    A vulnerability has been found in Campcodes School Fees Payment Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_payment. The manipulation of the argument ID leads to sql injection. The attack may be ini... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-54957

    An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buf... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-13270

    A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=save_course. The manipulation of the argument ID results in sql injection. The attack may be launched remotely.... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-9544

    The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate add... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13238

    A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-64362

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through < 5.5.0.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-13273

    A security flaw has been discovered in Campcodes School Fees Payment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_payment. Performing manipulation of the argument ID results in sql i... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-60783

    There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-8051

    Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.  The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.... Read more

    Affected Products : flipper
    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-13260

    A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched re... Read more

    Affected Products : supplier_management_system
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-49939

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.... Read more

    Affected Products : jetelements_for_elementor
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-61464

    gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.... Read more

    Affected Products : gnuboard
    • Published: Oct. 23, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11627

    The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary con... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-13119

    A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used.... Read more

    Affected Products : simple_e-banking_system
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-12931

    A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch t... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-50075

    Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vuln... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 6.5

    MEDIUM
    CVE-2025-13234

    A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in sql injection. It is possible to initiate the... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13279

    A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remot... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-57712

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Nov. 07, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3757 Results