Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-54471

    NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.... Read more

    Affected Products : neuvector
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-60639

    Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26).... Read more

    Affected Products :
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-60834

    A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.... Read more

    Affected Products : uzy-ssm-mall
    • Published: Oct. 08, 2025
    • Modified: Oct. 10, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-59257

    Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-60790

    ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.... Read more

    Affected Products : processwire
    • Published: Oct. 21, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-60852

    A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue co... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62885

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through <= 8.5.42.... Read more

    Affected Products : wp_vr
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62971

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through <= 1.4.5.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12222

    A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted up... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-62024

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through <= 1.2.9.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12203

    A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing manipulation of the argument File can lead to path traversal. The attac... Read more

    Affected Products : vvveb
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-49939

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8.... Read more

    Affected Products : jetelements_for_elementor
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62019

    Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.... Read more

    • Published: Oct. 22, 2025
    • Modified: Oct. 24, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-62060

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Tab Ultimate tabs-pro.This issue affects Tab Ultimate: from n/a through <= 1.8.... Read more

    Affected Products : tab_ultimate
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-6601

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request ap... Read more

    Affected Products : gitlab
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-48980

    In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site nav... Read more

    Affected Products :
    • Published: Oct. 31, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-62058

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0.... Read more

    Affected Products :
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12347

    A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upl... Read more

    Affected Products : cms
    • Published: Oct. 28, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-59259

    Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-62068

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09.... Read more

    Affected Products : e2pdf
    • Published: Oct. 22, 2025
    • Modified: Oct. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3788 Results