Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-13423

    A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing manipulation of the argument product_image can lead to unrestricted upload. The attack ... Read more

    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-13424

    A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is p... Read more

    Affected Products : supplier_management_system
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-13445

    A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been ... Read more

    Affected Products : ac21_firmware ac21
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13446

    A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried ... Read more

    Affected Products : ac21_firmware ac21
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-36149

    IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim.... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-13449

    A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit... Read more

    Affected Products : online_shop_project
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-13450

    A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name causes cross site scripting. It is possible to initiate the attack remotely.... Read more

    Affected Products : online_shop_project
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-13451

    A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. T... Read more

    Affected Products : online_shop_project
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-13468

    A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/admin_class.php of the component Delete Handler. Executi... Read more

    Affected Products : alumni_management_system
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-41074

    Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system ... Read more

    Affected Products : limesurvey
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-41075

    Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service (DoS attack), by exhausting server or client resources. The system is... Read more

    Affected Products : limesurvey
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-41076

    In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Y... Read more

    Affected Products : limesurvey
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-36153

    IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    Affected Products : concert
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-36158

    IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying.... Read more

    Affected Products : concert
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Path Traversal

  • 6.2

    MEDIUM
    CVE-2025-36159

    IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output.... Read more

    Affected Products : concert
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-36160

    IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system.... Read more

    Affected Products : concert
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-13484

    A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. The manipulation of the argument Name leads to cross site scripting. The attack ... Read more

    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-64660

    Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.... Read more

    Affected Products : visual_studio_code
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025

  • 9.8

    CRITICAL
    CVE-2025-59245

    Microsoft SharePoint Online Elevation of Privilege Vulnerability... Read more

    Affected Products : sharepoint_online
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025

  • 10.0

    CRITICAL
    CVE-2025-49752

    Azure Bastion Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_bastion_developer
    • Published: Nov. 20, 2025
    • Modified: Nov. 21, 2025
Showing 20 of 3679 Results