Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-11904

    A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disc... Read more

    Affected Products : chancms
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11902

    A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in sql injection. The attack can be initiate... Read more

    Affected Products : chancms
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-10243

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-5946

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user wit... Read more

    Affected Products : centreon_web
    • Published: Oct. 14, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-10242

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-37134

    An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user o... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11939

    A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing manipulation of the argument restoreFile can lead to pa... Read more

    Affected Products : churchcrm
    • Published: Oct. 19, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-55080

    In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write.... Read more

    Affected Products : threadx threadx_netx_duo
    • Published: Oct. 15, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-22258

    A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 thr... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-10754

    The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, wi... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-11944

    A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. Th... Read more

    Affected Products : vvveb
    • Published: Oct. 19, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11903

    A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploi... Read more

    Affected Products : chancms
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-62290

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to c... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 7.2

    HIGH
    CVE-2025-47856

    Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allows a privileged attacker to execute arbitrary code or c... Read more

    Affected Products : fortivoice
    • Published: Oct. 14, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-50571

    A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, FortiManager Cloud 7.6.2, 7.4.1 through 7.4.5, 7.2.1 through 7.2.8, 7.0.1 th... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-62713

    Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deploymen... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-37133

    An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user o... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-60500

    QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of a... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-37146

    A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary com... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11238

    The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP Referer header in versions less than, or equal to, 3.4.4 due to insufficient input sanitization and output escaping when the "Save source URL" option is enabled. ... Read more

    Affected Products : watu_quiz
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3653 Results