Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-13164

    EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-13165

    EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-13284

    ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-13163

    EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext database account credentials from the system frontend.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2025-55055

    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')... Read more

    Affected Products : rumpus
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13259

    A flaw has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /manufacturer/edit_unit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has b... Read more

    Affected Products : supplier_management_system
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-40936

    A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258). The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to cra... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-13299

    A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing manipulation can lead to sql injection. The attack may be performed from remote. The ex... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-10460

    A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnera... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13277

    A flaw has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown processing of the file /friendsphoto.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit ... Read more

    Affected Products : nero_social_networking_site
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-12639

    The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to access... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13289

    A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql in... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13290

    A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the att... Read more

    Affected Products : simple_food_ordering_system
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 4.5

    MEDIUM
    CVE-2025-55058

    CWE-20 Improper Input Validation... Read more

    Affected Products : rumpus
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025

  • 8.0

    HIGH
    CVE-2025-36357

    IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary fi... Read more

    Affected Products : planning_analytics_local
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-12404

    The Like-it plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the likeit_conf() function. This makes it possible for unauthenticated attacker... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-11734

    The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin reg... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-41733

    The commissioning wizard on the affected devices does not validate if the device is already initialized. An unauthenticated remote attacker can construct POST requests to set root credentials.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-13274

    A weakness has been identified in Campcodes School Fees Payment Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_fees. Executing manipulation of the argument ID can lead to sql injection. The ... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13285

    A vulnerability was identified in itsourcecode Online Voting System 1.0. The affected element is an unknown function of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploi... Read more

    Affected Products : online_voting_system
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection
Showing 20 of 3943 Results