Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-12930

    A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploi... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-61758

    Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management product of Oracle PeopleSoft (component: IT Asset Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-12926

    A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. Th... Read more

    Affected Products : farm_management_system
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62069

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through <= 1.3.3.8.... Read more

    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-59593

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through < 1.0.334.... Read more

    Affected Products : colibri_page_builder
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62706

    Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allow... Read more

    Affected Products : authlib
    • Published: Oct. 22, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-11454

    The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all versions up to, and including, 0.5.5 due to insufficient esc... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-10875

    Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.... Read more

    Affected Products : mulesoft_anypoint_code_builder
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-63294

    WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57697

    AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base... Read more

    Affected Products : astrbot
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-8051

    Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.  The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.... Read more

    Affected Products : flipper
    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-62019

    Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.... Read more

    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-60783

    There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings.... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-44633

    PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62033

    Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63718

    A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands.... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-12010

    The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode class. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : authors_list
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-63716

    The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification ... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-63717

    The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. The application does not implement adequate anti-CSRF tokens or sam... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-52752

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeAtelier IDonatePro idonate-pro allows Retrieve Embedded Sensitive Data.This issue affects IDonatePro: from n/a through <= 2.1.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3730 Results