Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2025-58300

    Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Oct. 11, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-54764

    Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.... Read more

    Affected Products : mbed_tls
    • Published: Oct. 20, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2025-10023

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users with elevated privileges.This issue affects Infra Monitori... Read more

    Affected Products : infra_monitoring
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-62364

    text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symboli... Read more

    Affected Products :
    • Published: Oct. 13, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 6.2

    MEDIUM
    CVE-2025-59258

    Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 20, 2025

  • 6.2

    MEDIUM
    CVE-2025-46185

    An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a local attacker to obtain sensitive information via the plaintext storage of passwords and usernames.... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-61413

    A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-62358

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript,... Read more

    Affected Products : wegia
    • Published: Oct. 13, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-62359

    WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /pet/profile_pet.php?id_pet= endpoint of the WeGIA application. This... Read more

    Affected Products : wegia
    • Published: Oct. 13, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61456

    A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary... Read more

    Affected Products :
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-31969

    HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.... Read more

    Affected Products : unica
    • Published: Oct. 12, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-57240

    Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step.... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-62365

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (`htmlentities` functio... Read more

    Affected Products : librenms
    • Published: Oct. 13, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-62407

    Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific type of URL was passed in. This vulnerability is fixed in 14.98.0 and 15.83.0.... Read more

    Affected Products : frappe
    • Published: Oct. 16, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-60176

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tattersoftware WP Tesseract wp-tesseract allows Stored XSS.This issue affects WP Tesseract: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60781

    PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter.... Read more

    Affected Products : php_education_management
    • Published: Oct. 20, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-34512

    Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this vulnerability, and reco... Read more

    • Published: Oct. 16, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10869

    Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerabil... Read more

    Affected Products : chatbot
    • Published: Oct. 15, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60859

    Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php.... Read more

    Affected Products : gnuboard
    • Published: Oct. 23, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60936

    Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.... Read more

    Affected Products : emoncms
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3686 Results