Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-60738

    An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via the ping.php component does not perform secure filtering on IP parameters... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-65226

    Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-65223

    Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-65222

    Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-65221

    Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-65220

    Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-65026

    esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is ... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-65025

    esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing spec... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-64984

    Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version with anti-virus databases prior to 18.11.2025), and ... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-63719

    Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63371

    Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Path Traversal

  • 6.8

    MEDIUM
    CVE-2025-62346

    A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-60799

    phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'qu... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-60798

    phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attack... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-60797

    phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->c... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-60796

    phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations i... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-60794

    Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugg... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-5092

    Multiple plugins and/or themes for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled lightGallery library (<= 2.8.3) in various versions due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products : ibtana
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-59088

    If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability... Read more

    • Published: Nov. 12, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-41076

    In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Y... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3972 Results