Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-4341

    Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.... Read more

    Affected Products : extreme_xds
    • Published: Jul. 08, 2024
    • Modified: Sep. 12, 2025

  • 7.5

    HIGH
    CVE-2024-1662

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02.... Read more

    Affected Products : powerbank
    • Published: Jun. 05, 2024
    • Modified: Sep. 12, 2025

  • 7.5

    HIGH
    CVE-2024-1272

    Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.... Read more

    Affected Products : cockpit
    • Published: Jun. 05, 2024
    • Modified: Sep. 12, 2025

  • 4.6

    MEDIUM
    CVE-2024-1153

    Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.... Read more

    Affected Products : travel_apps
    • Published: Jun. 27, 2024
    • Modified: Sep. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-1107

    Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.... Read more

    Affected Products : travel_apps
    • Published: Jun. 27, 2024
    • Modified: Sep. 12, 2025

  • 9.6

    CRITICAL
    CVE-2024-11319

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.... Read more

    Affected Products : django_cms
    • Published: Nov. 18, 2024
    • Modified: Sep. 12, 2025

  • 8.8

    HIGH
    CVE-2024-11142

    Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery.This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05.... Read more

    Affected Products : proticaret
    • Published: May. 02, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2023-5989

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute Stored XSS. This issue affects LioXERP: before v.146.... Read more

    Affected Products : lioxerp
    • Published: Dec. 21, 2023
    • Modified: Sep. 12, 2025

  • 7.2

    HIGH
    CVE-2025-8575

    The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, ... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-7337

    An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affect... Read more

    Affected Products : gitlab
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2025-6769

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details th... Read more

    Affected Products : gitlab
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 8.5

    HIGH
    CVE-2025-6454

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecti... Read more

    Affected Products : gitlab
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.3

    MEDIUM
    CVE-2025-58781

    WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic.... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-2256

    An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending mu... Read more

    Affected Products : gitlab
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-1250

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit me... Read more

    Affected Products : gitlab
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-10291

    A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed r... Read more

    Affected Products : litemall
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-10287

    A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-10094

    An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations b... Read more

    Affected Products : gitlab
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-9881

    The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-9880

    The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attac... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293633 Results