Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-62388

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62387

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62385

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62384

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62383

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-60639

    Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26).... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-11623

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62389

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62386

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-56426

    An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly.... Read more

    Affected Products : bagisto
    • Published: Oct. 09, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-61766

    Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or incr... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-61224

    Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12344

    A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted u... Read more

    Affected Products :
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-12329

    A security flaw has been discovered in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The affected element is an unknown function of the file /details.php. Performing manipulation of the argument ID results in sql injection. Remote expl... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-60268

    An arbitrary file upload vulnerability exists in JeeWMS 20250820, which is caused by the lack of file checking in the saveFiles function in /jeewms/cgUploadController.do. An attacker with normal privileges was able to upload a malicious file that would le... Read more

    Affected Products : jeewms
    • Published: Oct. 10, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-44011

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-44008

    A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in ... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-10746

    The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for... Read more

    Affected Products :
    • Published: Oct. 04, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-42706

    A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 ... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-11491

    A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the att... Read more

    Affected Products :
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Injection
Showing 20 of 3896 Results