Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-15051

    Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and e... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-22174

    Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12621

    The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'create_refund' function in all versions up to, and including, 1.0.42. This makes i... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-0274

    HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.... Read more

    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12289

    A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipula... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-11256

    The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to uploa... Read more

    Affected Products : kognetiks_chatbot
    • Published: Oct. 18, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-11979

    An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server v7.0 versions prior to 7.0.25, MongoDB Server... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-10638

    The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-11750

    In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-e... Read more

    Affected Products : dify
    • Published: Oct. 22, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-49913

    Missing Authorization vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoSchedule: from n/a through <= 3.4.0.... Read more

    Affected Products : coschedule
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-22168

    Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-22176

    Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view audit log items.... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-54973

    A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to ... Read more

    Affected Products : fortianalyzer fortianalyzer
    • Published: Oct. 14, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2025-62397

    The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.... Read more

    Affected Products : moodle
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-59438

    Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.... Read more

    Affected Products : mbed_tls
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-22170

    Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action.... Read more

    Affected Products : jira_align
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-11269

    The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attac... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-62973

    Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.... Read more

    Affected Products : buddyforms
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12267

    A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has b... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10637

    The Social Feed Gallery plugin for WordPress is vulnerable to Information Exposure in versions less than, or equal to, 4.9.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unaut... Read more

    Affected Products : wp_social_feed_gallery
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3686 Results