Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-63744

    A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-13182

    A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The expl... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-12182

    The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the `resize_image_callback()` function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user h... Read more

    Affected Products : qi_blocks
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2025-13204

    npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-9317

    The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.... Read more

    Affected Products : aveva_edge
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2025-13181

    A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotel... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-8386

    The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in hor... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-13238

    A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-13180

    A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in b... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13239

    A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkout. Such manipulation of the argument order_total_amount/... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-11865

    An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2025-54340

    A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cryptography

  • 9.0

    HIGH
    CVE-2025-13191

    A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been... Read more

    Affected Products : dir-816l_firmware
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.6

    HIGH
    CVE-2025-54346

    A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12849

    The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the `cg_check_wp_admin_upload_v10` AJAX action for both authenticated and unauthenticated us... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-12983

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially craf... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-63291

    When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the sp... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-64084

    An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authentic... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13033

    A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This ca... Read more

    Affected Products : nodemailer
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-63725

    Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3946 Results