Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-59112

    Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send POST request that deletes given user. The vendor was notified ear... Read more

    Affected Products : windu_cms
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-59113

    Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this p... Read more

    Affected Products : windu_cms
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-59114

    Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. The vendor was notified early abo... Read more

    Affected Products : windu_cms
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-59115

    Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation. Malicious attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting logs page by admin. ... Read more

    Affected Products : windu_cms
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-65026

    esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is ... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-65025

    esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing spec... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-59088

    If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability... Read more

    • Published: Nov. 12, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-59116

    Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. The vendor was notified early ... Read more

    Affected Products : windu_cms
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-59117

    Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. The... Read more

    Affected Products : windu_cms
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-54345

    An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor.... Read more

    Affected Products : pingalert_application_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-54346

    A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.... Read more

    Affected Products : pingalert_application_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-54348

    A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.... Read more

    Affected Products : pingalert_application_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.7

    LOW
    CVE-2025-54559

    An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content.... Read more

    Affected Products : pingalert_application_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2025-54560

    A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure.... Read more

    Affected Products : pingalert_application_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54561

    An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema.... Read more

    Affected Products : pingalert_application_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-54562

    A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Technical Information to be Disclosed through stack trace.... Read more

    Affected Products : pingalert_application_server
    • Published: Nov. 14, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-46775

    A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain adm... Read more

    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-46776

    A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to ex... Read more

    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-46215

    An Improper Isolation or Compartmentalization vulnerability [CWE-653] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to eva... Read more

    Affected Products : fortisandbox
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-58412

    A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or... Read more

    Affected Products : fortiadc
    • Published: Nov. 19, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3688 Results