Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-31247 — Docling JATS XML Backend XXE DoS

Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf…

Remote | XML External Entity
May 11, 2026 May 13, 2026
May 11, 2026
May 13, 2026
6.5 MEDIUM
CVE-2026-31246 — GPT-Pilot Command Injection Vulnerability

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system…

Remote | Injection
May 11, 2026 May 13, 2026
May 11, 2026
May 13, 2026
7.5 HIGH
CVE-2025-65418 — DocuFORM Managed Print Service Client Directory Traversal Vulnerability

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.

Remote | Path Traversal
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.1 MEDIUM
CVE-2025-65417 — DocuFORM Managed Print Service Client Cross-Site Scripting Vulnerability

docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.3 MEDIUM
CVE-2025-65416 — DocuFORM Managed Print Service Client File Upload Vulnerability

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.

Remote | Authentication
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
5.4 MEDIUM
CVE-2025-65415 — DocuFORM Managed Print Service Client Session Fixation Vulnerability

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.

Remote | Authentication
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
7.3 HIGH
CVE-2025-61314 — DocuForm GmbH Mecury Managed Print Services Reflected Cross-Site Scripting (XSS)

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
7.3 HIGH
CVE-2025-61313 — DocuForm GmbH Mecury Managed Print Services XSS

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascrip…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
7.3 HIGH
CVE-2025-61312 — Mecury Managed Print Services (docuForm) Cross-Site Scripting (XSS)

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in …

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
7.3 HIGH
CVE-2025-61311 — DocuForm GmbH Mecury Managed Print Services XSS

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.1 MEDIUM
CVE-2025-61310 — DocuForm GmbH Mecury Managed Print Services XSS

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.1 MEDIUM
CVE-2025-61309 — DocuForm GmbH Mecury Managed Print Services XSS

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.1 MEDIUM
CVE-2025-61308 — DocuForm GmbH Mercury Managed Print Services Reflected Cross-Site Scripting (XSS)

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.1 MEDIUM
CVE-2025-61307 — GmbH Mecury docuForm Reflected Cross-Site Scripting (XSS)

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.1 MEDIUM
CVE-2025-61306 — DocuForm GmbH Mecury Managed Print Services DocuForm XSS

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
6.1 MEDIUM
CVE-2025-61305 — "DocuForm GmbH Mecury Managed Print Services Reflected Cross-Site Scripting (XSS)"

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in…

Remote | Cross-Site Scripting
May 11, 2026 May 12, 2026
May 11, 2026
May 12, 2026
Showing 20 of 7576 Results