Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-56572

    An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.... Read more

    Affected Products : finance.js
    • Published: Sep. 30, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Denial of Service

  • 3.3

    LOW
    CVE-2025-11195

    Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective ve... Read more

    Affected Products : appspider_pro
    • Published: Sep. 30, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-59684

    DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.... Read more

    Affected Products : digisigner_one
    • Published: Oct. 01, 2025
    • Modified: Oct. 08, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-11282

    A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The ... Read more

    Affected Products : learning
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-11283

    A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit ha... Read more

    Affected Products : learning
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.0

    MEDIUM
    CVE-2025-11281

    A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. T... Read more

    Affected Products : learning
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-11280

    A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as... Read more

    Affected Products : learning
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-11284

    A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of th... Read more

    Affected Products :
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-61087

    SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.... Read more

    Affected Products : pet_grooming_management_software
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-60782

    PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creati... Read more

    Affected Products : php_education_management
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-61096

    PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.... Read more

    Affected Products : online_shopping_portal_project
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-56154

    htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript... Read more

    Affected Products : htmly
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-56161

    YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensit... Read more

    Affected Products : yoshop2.0
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-56162

    YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modif... Read more

    Affected Products : yoshop2.0
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-60660

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60662

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60663

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-60661

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-11288

    A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing manipulation of the argument cate_id results in sql injection. Remo... Read more

    Affected Products : crmeb
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-11290

    A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible ... Read more

    Affected Products : crmeb
    • Published: Oct. 05, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cryptography
Showing 20 of 4039 Results