Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-62933

    Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-11619

    Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.... Read more

    Affected Products : devolutions_server
    • Published: Oct. 15, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-62891

    Cross-Site Request Forgery (CSRF) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Cross Site Request Forgery.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.5.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-41719

    A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known de... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-11912

    A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8049

    Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This is... Read more

    Affected Products : flipper
    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-11589

    A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack r... Read more

    Affected Products : gym_management_system
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11590

    A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possibl... Read more

    Affected Products : gym_management_system
    • Published: Oct. 11, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-62962

    Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-11909

    A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-49924

    Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2.... Read more

    Affected Products : wholesale_suite
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-60212

    Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-60234

    Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11591

    A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack ca... Read more

    Affected Products : gym_management_system
    • Published: Oct. 11, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-47902

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.... Read more

    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-54968

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of... Read more

    Affected Products : socet_gxp
    • Published: Oct. 27, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-11911

    A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12346

    A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argumen... Read more

    Affected Products : maxsite_cms cms
    • Published: Oct. 28, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-59249

    Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 28, 2025

  • 8.8

    HIGH
    CVE-2025-62931

    Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.8.7.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization
Showing 20 of 3801 Results