Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-50574

    Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter.... Read more

    Affected Products : glamour_salon_management_system
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53058

    Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Application Logging Interfaces). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker wit... Read more

    Affected Products : applications_manager
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-12333

    A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate... Read more

    Affected Products : e-commerce_website
    • Published: Oct. 27, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-12334

    A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site scripting. It is possible to launch... Read more

    Affected Products : e-commerce_website
    • Published: Oct. 27, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-12335

    A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_address causes cross site scripting... Read more

    Affected Products : e-commerce_website
    • Published: Oct. 28, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-20351

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. ... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-44088

    Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could l... Read more

    Affected Products : geode
    • Published: Oct. 14, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-58115

    ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product.... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-61431

    A reflected cross-site scripted (XSS) vulnerability in the /jsp/gsfr_feditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser vi... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53055

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with net... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-53052

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network acce... Read more

    Affected Products : workflow
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 6.1

    MEDIUM
    CVE-2025-54196

    Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user i... Read more

    Affected Products : macos connect windows
    • Published: Oct. 14, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-12450

    The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker... Read more

    Affected Products : litespeed_cache
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-11952

    Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerabil... Read more

    Affected Products : chatbot
    • Published: Oct. 22, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-56313

    A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 (inclusive). This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-12456

    The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to mo... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-54969

    An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to subm... Read more

    Affected Products : socet_gxp
    • Published: Oct. 27, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-61427

    A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the userid and password parameters.... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13993

    Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-55097

    In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device.... Read more

    Affected Products : threadx_usbx
    • Published: Oct. 17, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4020 Results