Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-52757

    Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-5343

    Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross Site Scripting in the Instant Search option.... Read more

    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-35052

    Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/... Read more

    • Published: Oct. 09, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-10928

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.... Read more

    Affected Products : drupal access_code
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-10740

    The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to unauthorized access to functionality provided by the API due to a missing capability check on the verifyRequest function in all versions up to, and including, 3.0.7. This makes i... Read more

    Affected Products :
    • Published: Oct. 24, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-8483

    The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly valid... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-53236

    Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-11965

    In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/confi... Read more

    Affected Products : vert.x-web
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-58424

    On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-3930

    Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days ... Read more

    Affected Products : strapi
    • Published: Oct. 16, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-61762

    Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to co... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 6.3

    MEDIUM
    CVE-2025-11441

    A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication att... Read more

    Affected Products : opnform
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-11443

    A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation causes information exposure through discrepancy. It is possible ... Read more

    Affected Products : opnform
    • Published: Oct. 08, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-25298

    Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hashing. Bcryptjs ignores any bytes beyond 72, so passwords longer than 72 bytes are silently... Read more

    Affected Products : strapi
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-11633

    A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The ... Read more

    • Published: Oct. 12, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-27208

    A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execu... Read more

    Affected Products : revive_adserver
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-34237

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker t... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-12616

    A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate th... Read more

    Affected Products : news_portal news_portal_project
    • Published: Nov. 03, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2025-60711

    Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : edge_chromium
    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025

  • 6.3

    MEDIUM
    CVE-2025-12547

    A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attem... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication
Showing 20 of 3922 Results