Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-10242

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-61524

    An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's per... Read more

    Affected Products : casdoor
    • Published: Oct. 08, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-11668

    A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password causes sql injection. The attack is possible t... Read more

    • Published: Oct. 13, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-10754

    The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, wi... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-10243

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11470

    A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /manage_website.php. The manipulation of the argument website_image/back_login_image leads to... Read more

    Affected Products : hotel_and_lodge_management_system
    • Published: Oct. 08, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-10239

    In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes... Read more

    Affected Products : flowmon
    • Published: Oct. 09, 2025
    • Modified: Oct. 09, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-37146

    A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary com... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11903

    A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploi... Read more

    Affected Products : chancms
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11944

    A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes sql injection. The attack may be initiated remotely. Th... Read more

    Affected Products : vvveb
    • Published: Oct. 19, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-11902

    A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in sql injection. The attack can be initiate... Read more

    Affected Products : chancms
    • Published: Oct. 17, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-62429

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PH... Read more

    Affected Products : clipbucket
    • Published: Oct. 20, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-60500

    QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of a... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-10051

    The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Adminis... Read more

    Affected Products :
    • Published: Oct. 15, 2025
    • Modified: Oct. 16, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2023-6215

    A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of s... Read more

    Affected Products :
    • Published: Oct. 07, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-34248

    D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to del... Read more

    Affected Products : nuclias_connect
    • Published: Oct. 09, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-10985

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-62290

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to c... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025

  • 7.2

    HIGH
    CVE-2025-61927

    Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context i... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-22258

    A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 thr... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3912 Results