Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2025-64688

    In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget... Read more

    Affected Products : youtrack
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2025-12405

    An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source dat... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-12583

    The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This mak... Read more

    Affected Products : simple_downloads_list
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-47773

    Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content.... Read more

    Affected Products : itop
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2025-64684

    In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form... Read more

    Affected Products : youtrack
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-12441

    Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-12930

    A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploi... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-63678

    An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-11828

    The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-12868

    New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website.... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 5.8

    MEDIUM
    CVE-2025-42885

    Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-41001

    Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02, which consist of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'LOGOUT_REDIRECT' parameter in '/soplanning/www/process/options.php'... Read more

    Affected Products : soplanning
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-12938

    A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be ini... Read more

    Affected Products : online_admission_system
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-12922

    A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation of the argument xml_file results in path travers... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-12177

    The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded Cron key used in the deleteExpired() and clearTempDataCPCron() functions in all versions up to, and including, 3.3.30. This makes it possible for unauthentic... Read more

    Affected Products : download_manager
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-12919

    A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of ... Read more

    Affected Products :
    • Published: Nov. 09, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-12864

    U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : u-office_force
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-63457

    Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 5.8

    MEDIUM
    CVE-2025-12932

    A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11457

    The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting t... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 4109 Results