Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-61773

    pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allow... Read more

    Affected Products : pyload-ng
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-62240

    Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through upd... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-34248

    D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to del... Read more

    Affected Products : nuclias_connect
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-59999

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the ... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-60010

    A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by us... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-60004

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an aff... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-59985

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in a field on the Purging Policy page that, when visited by another user, enable... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-59975

    An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a ... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 9.4

    CRITICAL
    CVE-2025-59978

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to e... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-10283

    BBOT's gitdumper module could be abused to execute commands through a malicious git repository.... Read more

    Affected Products :
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2016-15047

    AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisti... Read more

    Affected Products :
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 4.6

    MEDIUM
    CVE-2025-62239

    Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated at... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-61911

    python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-62238

    Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows r... Read more

    Affected Products : liferay_portal dxp
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-59530

    quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a p... Read more

    Affected Products : quic-go
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-9560

    The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_newsletter shortcode in all versions up to, and including, 1.0.334 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products : colibri_page_builder
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-6553

    The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attacke... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-10190

    The WP Easy Toggles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggles' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-8593

    The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1.3.27. This is due to a missing capability check on the 'install_plugin' function. This makes it possible for authenticat... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-11606

    A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The attack is possi... Read more

    Affected Products :
    • Published: Oct. 11, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection
Showing 20 of 3922 Results