Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-61431

    A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser vi... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-55098

    In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device.... Read more

    Affected Products : threadx_usbx
    • Published: Oct. 17, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-60933

    Multiple stored cross-site scripting (XSS) vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal ... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53286

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through <= 4.6.9.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61933

    A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53052

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network acce... Read more

    Affected Products : workflow
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-60932

    Multiple stored cross-site scripting (XSS) vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60176

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tattersoftware WP Tesseract wp-tesseract allows Stored XSS.This issue affects WP Tesseract: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61753

    Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to... Read more

    Affected Products : scripting
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 6.1

    MEDIUM
    CVE-2025-10357

    The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61456

    A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-49909

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS.This issue affects Penci Bookmark & Follow: from n/a through < 2.4.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-62936

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Jthemes xSmart xsmart allows Code Injection.This issue affects xSmart: from n/a through <= 1.2.9.4.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-57521

    Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attack... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Supply Chain

  • 6.1

    MEDIUM
    CVE-2025-55333

    Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 27, 2025

  • 6.1

    MEDIUM
    CVE-2025-61454

    A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitra... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-11498

    An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitati... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-31366

    An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all v... Read more

    Affected Products : fortios fortiproxy fortisase
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-55682

    Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 24, 2025

  • 6.1

    MEDIUM
    CVE-2024-13993

    Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4136 Results