Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-64202

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62389

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-63608

    A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.... Read more

    Affected Products :
    • Published: Oct. 30, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-62386

    SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.... Read more

    Affected Products : endpoint_manager
    • Published: Oct. 13, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-12223

    A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be lau... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-62984

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.6.1.... Read more

    Affected Products : wp_adcenter
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-61540

    SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.... Read more

    Affected Products : ultimate_php_board
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-55700

    Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 31, 2025

  • 6.5

    MEDIUM
    CVE-2025-0277

    HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.... Read more

    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-62974

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Stored XSS.This issue affects Headline Analyzer: from n/a through <= 1.3.7.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12808

    Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : * Devolutions Serv... Read more

    Affected Products : devolutions_server
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-62969

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.... Read more

    Affected Products : nextmove
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62968

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS.This issue affects WP Last Modified Info: from n/a through <= 1.9.2.... Read more

    Affected Products : wp_last_modified_info
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62963

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.1.13.... Read more

    Affected Products : estatik
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-64208

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through <= 1.1.4.... Read more

    Affected Products :
    • Published: Oct. 29, 2025
    • Modified: Oct. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62951

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icc0rz Interactive Content – H5P h5p allows Stored XSS.This issue affects Interactive Content – H5P: from n/a through <= 1.16.0.... Read more

    Affected Products : h5p
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62948

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Konstantin Pankratov Date counter date-counter allows Stored XSS.This issue affects Date counter: from n/a through <= 2.0.3.... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62921

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title Attribute: from n/a throug... Read more

    Affected Products :
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-58739

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more

    • Published: Oct. 14, 2025
    • Modified: Nov. 06, 2025

  • 6.5

    MEDIUM
    CVE-2025-56007

    CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.... Read more

    Affected Products : keeneticos
    • Published: Oct. 23, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Injection
Showing 20 of 3717 Results