Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-60305

    SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.... Read more

    Affected Products : online_student_clearance_system
    • Published: Oct. 10, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-12261

    A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotel... Read more

    Affected Products : gym_management_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-20710

    In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. P... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-60215

    Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10706

    The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-9890

    The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_theme' page. This makes it possible for unauthenticated ... Read more

    Affected Products : theme_editor
    • Published: Oct. 18, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-11575

    Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0.... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-58716

    Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 8.8

    HIGH
    CVE-2025-10639

    The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or ... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-11910

    A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible ... Read more

    Affected Products : streamax_crocus
    • Published: Oct. 17, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-59228

    Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 28, 2025

  • 8.8

    HIGH
    CVE-2025-57740

    An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all ver... Read more

    Affected Products : fortios fortiproxy fortipam
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-60228

    Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through <= 2.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-64353

    Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-64140

    Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2020-36867

    Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficien... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-62962

    Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-62422

    DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitr... Read more

    Affected Products : dataease
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12252

    A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit h... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-10896

    Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capab... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication
Showing 20 of 3912 Results