Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-62962

    Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-57740

    An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all ver... Read more

    Affected Products : fortios fortiproxy fortipam
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-64140

    Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56399

    alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Altho... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-62498

    A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project ... Read more

    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-20711

    In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-10706

    The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-62179

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the c... Read more

    Affected Products : wegia
    • Published: Oct. 13, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11920

    The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access a... Read more

    Affected Products : wpcom_member
    • Published: Nov. 01, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-11575

    Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0.... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-64353

    Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11912

    A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2013-10073

    Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to disc... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8052

    SQL Injection vulnerability in opentext Flipper allows SQL Injection.  The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper... Read more

    Affected Products : flipper
    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-60211

    Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fie... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-62697

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - LanguageSelector Exten... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11843

    Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a serv... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-11588

    A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploi... Read more

    Affected Products : gym_management_system
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-59228

    Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 28, 2025

  • 8.8

    HIGH
    CVE-2025-11552

    A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. T... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection
Showing 20 of 3923 Results