Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-55200

    BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared... Read more

    Affected Products : bigbluebutton
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-4615

    An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this... Read more

    Affected Products : pan-os prisma_access
    • Published: Oct. 09, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-4614

    An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leak... Read more

    Affected Products : pan-os pan-os
    • Published: Oct. 09, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-11552

    A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. T... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-60267

    In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability.... Read more

    Affected Products : xckk
    • Published: Oct. 09, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-11573

    An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this ... Read more

    Affected Products :
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-11551

    A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attac... Read more

    Affected Products : student_result_manager
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-11550

    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer derefe... Read more

    Affected Products : w12_firmware w12
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3848 Results