Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-27906

    IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be re... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-62583

    Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.... Read more

    Affected Products : whale
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-62584

    Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.... Read more

    Affected Products : whale
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 3.1

    LOW
    CVE-2025-6026

    An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and teleme... Read more

    Affected Products : universal_device_client
    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-62585

    Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.... Read more

    Affected Products : whale
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-41018

    SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.... Read more

    Affected Products : exito
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-41020

    Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.... Read more

    Affected Products : exito
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-41021

    Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=product_update'. This vulnerability co... Read more

    Affected Products : exito
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-0276

    HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and... Read more

    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-61933

    A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-61935

    When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-61990

    When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more

    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-61540

    SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.... Read more

    Affected Products : ultimate_php_board
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-61539

    Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.... Read more

    Affected Products : ultimate_php_board
    • Published: Oct. 16, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.6

    MEDIUM
    CVE-2025-53860

    A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems.  Note: Software versions which have reached End of Technical Suppor... Read more

    Affected Products : f5os-a r10920-df r5920-df
    • Published: Oct. 15, 2025
    • Modified: Oct. 21, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-2934

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicio... Read more

    Affected Products : gitlab
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 7.7

    HIGH
    CVE-2025-11340

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerabili... Read more

    Affected Products : gitlab
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-10004

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large reposi... Read more

    Affected Products : gitlab
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-11604

    A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is po... Read more

    Affected Products : online_food_ordering_system
    • Published: Oct. 11, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-11550

    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer derefe... Read more

    Affected Products : w12_firmware w12
    • Published: Oct. 09, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4083 Results