Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-37161

    A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting with... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-37162

    A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-12359

    The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.3 via the 'get_image_size_by_url' function. This is due to insufficient validation of user-supplied URLs when det... Read more

    Affected Products : responsive_lightbox
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2025-63206

    An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-6251

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possi... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2024-8527

    Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-37157

    A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-65012

    Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making ... Read more

    Affected Products : kirby
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-10702

    Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection optio... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-13080

    Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.... Read more

    Affected Products : drupal
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-54320

    In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-65024

    i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated sessio... Read more

    Affected Products : i-educar
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-13051

    When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under ... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2025-64757

    Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro develo... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-11230

    Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-37160

    A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to di... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-12761

    Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS).This issue affects Simple multi step form: from 0.0.0 before 2.0.0.... Read more

    Affected Products : drupal
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-63602

    A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to I... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.0

    MEDIUM
    CVE-2025-12766

    An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warn... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-63693

    The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3979 Results