Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2025-13245

    A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The ex... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63291

    When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the sp... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13172

    A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotel... Read more

    Affected Products : gym_management_system
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-62765

    General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-13246

    A vulnerability was identified in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Impacted is the function JwtAuthenticationFilter of the file src/main/java/com/suisung/shopsuite/common/security/JwtAuthenticationFilter.ja... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 10.0

    HIGH
    CVE-2025-13188

    A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. ... Read more

    Affected Products : dir-816l_firmware
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-2615

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions throug... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2025-63724

    SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-54562

    A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Technical Information to be Disclosed through stack trace.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-63701

    A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assume... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-13240

    A vulnerability was detected in code-projects Student Information System 2.0. This affects an unknown part of the file /searchquery.php. Performing manipulation of the argument s results in sql injection. Remote exploitation of the attack is possible. The... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-13180

    A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in b... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13179

    A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed ... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.1

    MEDIUM
    CVE-2025-13181

    A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotel... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-13201

    A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fr... Read more

    Affected Products : simple_cafe_ordering_system
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-59780

    General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information.... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-7736

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-63830

    CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-12182

    The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the `resize_image_callback()` function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user h... Read more

    Affected Products : qi_blocks
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-9317

    The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.... Read more

    Affected Products : aveva_edge
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3929 Results