Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-62968

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS.This issue affects WP Last Modified Info: from n/a through <= 1.9.2.... Read more

    Affected Products : wp_last_modified_info
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62963

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.1.13.... Read more

    Affected Products : estatik
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12010

    The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode class. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : authors_list
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-46425

    Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauth... Read more

    • Published: Oct. 24, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: XML External Entity

  • 6.5

    MEDIUM
    CVE-2025-53408

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Nov. 07, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-5983

    The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-62921

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a throug... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-56007

    CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.... Read more

    Affected Products : keeneticos
    • Published: Oct. 23, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-52865

    A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in... Read more

    Affected Products : file_station
    • Published: Nov. 07, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-56450

    Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the `lead_id` parameter in the `/l2s/api/selfcareLeadHistory` endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulti... Read more

    Affected Products :
    • Published: Oct. 21, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13059

    A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /manage_career.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is poss... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-49940

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2.... Read more

    Affected Products : avada
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12223

    A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be lau... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-49908

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a throu... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63784

    An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value w... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-53068

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris execut... Read more

    Affected Products : solaris solaris
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-61754

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via ... Read more

    Affected Products : bi_publisher
    • Published: Oct. 21, 2025
    • Modified: Oct. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-63686

    There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 (2020-11-23) in the document query function under the Download Center menu in the PersonManage system.... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-63563

    Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimat... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-53035

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vuln... Read more

    • Published: Oct. 21, 2025
    • Modified: Oct. 23, 2025
Showing 20 of 3722 Results