Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-11119

    A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scr... Read more

    Affected Products : hostel_management_system
    • Published: Sep. 28, 2025
    • Modified: Oct. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-11112

    A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be laun... Read more

    Affected Products : employee_record_management_system
    • Published: Sep. 28, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-5200

    The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10341

    HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x.... Read more

    Affected Products : perfex_crm
    • Published: Sep. 29, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10343

    HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'.... Read more

    Affected Products : perfex_crm
    • Published: Sep. 29, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10345

    HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'.... Read more

    Affected Products : perfex_crm
    • Published: Sep. 29, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59758

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59757

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-10346

    HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_base/article'.... Read more

    Affected Products : perfex_crm
    • Published: Sep. 29, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-9946

    The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthen... Read more

    Affected Products :
    • Published: Sep. 30, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-60001

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the atta... Read more

    Affected Products : junos_space
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59774

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60312

    Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Conver... Read more

    Affected Products : markdown_to_html_converter
    • Published: Oct. 07, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59773

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61606

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=Funcio... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-59770

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-9884

    The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers... Read more

    Affected Products :
    • Published: Oct. 03, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-59764

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-59769

    Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more

    Affected Products : e-tms
    • Published: Oct. 02, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60453

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows att... Read more

    Affected Products : metinfo
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3984 Results