Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-9317

    The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.... Read more

    Affected Products : aveva_edge
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-13186

    A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/manage_customer. This manipulation of the argument Search causes cross sit... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-63680

    Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creati... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-8386

    The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in hor... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13239

    A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkout. Such manipulation of the argument order_total_amount/... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-11865

    An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13238

    A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-13209

    A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: XML External Entity

  • 9.6

    CRITICAL
    CVE-2025-54343

    An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13179

    A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed ... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-2615

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions throug... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-12983

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially craf... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Denial of Service

  • 3.8

    LOW
    CVE-2025-54560

    A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-12849

    The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the `cg_check_wp_admin_upload_v10` AJAX action for both authenticated and unauthenticated us... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-12847

    The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This... Read more

    Affected Products : all_in_one_seo
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-59780

    General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information.... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-64309

    Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanni... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-6945

    GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hi... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-64307

    The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, c... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2021-4471

    TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and download files within the directory to obtain vali... Read more

    Affected Products : tg8_firewall
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication
Showing 20 of 3942 Results