Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-60280

    Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacke... Read more

    Affected Products : bang_resto
    • Published: Oct. 21, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-62287

    Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc... Read more

    Affected Products : life_sciences_inform
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 6.1

    MEDIUM
    CVE-2025-12580

    The SMS for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-52180

    Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Infinity 4.2 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahi/jsp/gsfr_feditorHTML.jsp?pHtmlSource endpoint.... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10955

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings.This issue affects Netigma: from 6.3.5 before 6.3.5 V8.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-63448

    Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.... Read more

    Affected Products : water_management_system
    • Published: Nov. 03, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2018-25119

    Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of ... Read more

    Affected Products : fusion
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-62267

    Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 a... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-63446

    Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.... Read more

    Affected Products : water_management_system
    • Published: Nov. 03, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-12401

    The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the label_plugins_options() function. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-12302

    A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The atta... Read more

    Affected Products : simple_food_ordering_system
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60936

    Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.... Read more

    Affected Products : emoncms
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-12400

    The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_page() function. This makes it possible for unauthenticated ... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-12410

    The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation in the sh_contextual_help_dashboard_widget() function. This makes it ... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-12412

    The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on th tbn_ajax_add() function. This makes it possible for unauthenti... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-12452

    The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page. This makes it possible for unauthenticated attackers to update settings and in... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-60950

    An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file.... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-56008

    Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions.... Read more

    Affected Products : keeneticos
    • Published: Oct. 23, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53060

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • Published: Oct. 21, 2025
    • Modified: Oct. 28, 2025

  • 6.1

    MEDIUM
    CVE-2025-61431

    A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser vi... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3675 Results