Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-11330

    A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attac... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Oct. 06, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11298

    A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing manipulation of the argument m_wan_ipaddr can lead to command injection. The attack may be performed from remote. The... Read more

    Affected Products : f9k1015_firmware f9k1015
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-6541

    An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-9890

    The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_theme' page. This makes it possible for unauthenticated ... Read more

    Affected Products : theme_editor
    • Published: Oct. 18, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-28357

    A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request.... Read more

    Affected Products :
    • Published: Oct. 01, 2025
    • Modified: Oct. 02, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11292

    A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing manipulation of the argument wan_ipaddr can lead to command injection. The attack can be launched remotely. The ex... Read more

    Affected Products : f9k1015_firmware f9k1015
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11288

    A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cate_id results in sql injection. Remo... Read more

    Affected Products : crmeb
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-62428

    Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-36361

    IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.... Read more

    Affected Products : app_connect_enterprise
    • Published: Oct. 24, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-60228

    Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through <= 2.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-8049

    Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This is... Read more

    Affected Products : flipper
    • Published: Oct. 20, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-54374

    Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, includ... Read more

    Affected Products : edios eidos
    • Published: Oct. 03, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-59684

    DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.... Read more

    Affected Products : digisigner_one
    • Published: Oct. 01, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-12095

    The Simple Registration for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.8. This is due to missing nonce validation on the role requests admin page handler in the includes/display-r... Read more

    Affected Products :
    • Published: Oct. 25, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-40886

    A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potential... Read more

    Affected Products : cmc guardian
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-60305

    SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.... Read more

    Affected Products : online_student_clearance_system
    • Published: Oct. 10, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-49950

    Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.2.5.... Read more

    Affected Products : official_integration_for_billingo
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-62420

    DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but r... Read more

    Affected Products : dataease
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-58718

    Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025

  • 8.8

    HIGH
    CVE-2025-54399

    Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more

    Affected Products : wgr-500_firmware wgr-500
    • Published: Oct. 07, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4185 Results