Latest CVE Feed

CVE-2025-59252 (6.5 MEDIUM)
M365 Copilot Spoofing Vulnerability...
- Affected Products: 365_word_copilot
- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025

CVE-2025-56769 (6.5 MEDIUM)
An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.
- Affected Products: hutool
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-29155 (6.5 MEDIUM)
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint...
- Affected Products: swagger_petstore
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-62651 (6.5 MEDIUM)
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
- Affected Products: (none listed)
- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization

CVE-2025-10974 (6.5 MEDIUM)
A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud lead...
- Affected Products: (none listed)
- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection

CVE-2025-11908 (6.5 MEDIUM)
A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. ...
- Affected Products: (none listed)
- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration

CVE-2025-54957 (6.5 MEDIUM)
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buf...
- Affected Products: (none listed)
- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption

CVE-2025-55556 (6.5 MEDIUM)
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
- Published: Sep. 25, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Misconfiguration

CVE-2025-59956 (6.5 MEDIUM)
AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint s...
- Affected Products: agentapi
- Published: Sep. 30, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Misconfiguration

CVE-2025-57254 (6.5 MEDIUM)
An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly s...
- Affected Products: (none listed)
- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection

CVE-2025-56380 (6.5 MEDIUM)
Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter...
- Published: Oct. 02, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-52050 (6.5 MEDIUM)
In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injectin...
- Affected Products: erpnext
- Published: Sep. 30, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-52049 (6.5 MEDIUM)
In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the time...
- Affected Products: erpnext
- Published: Sep. 30, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-52043 (6.5 MEDIUM)
In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQ...
- Affected Products: erpnext
- Published: Sep. 30, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-52047 (6.5 MEDIUM)
In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...
- Affected Products: erpnext
- Published: Sep. 30, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-56381 (6.5 MEDIUM)
ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.
- Published: Oct. 02, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Injection

CVE-2025-59593 (6.5 MEDIUM)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through < 1.0.334.
- Affected Products: colibri_page_builder
- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting

CVE-2025-10981 (6.5 MEDIUM)
A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may b...
- Affected Products: jeecgboot
- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authorization

CVE-2025-60267 (6.5 MEDIUM)
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability.
- Affected Products: xckk
- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection

CVE-2025-10978 (6.5 MEDIUM)
A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from...
- Affected Products: jeecgboot
- Published: Sep. 25, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authorization