Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-61604

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protect... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-61605

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerabili... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-61606

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=Funcio... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-61665

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers... Read more

    Affected Products : wegia
    • Published: Oct. 02, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-60450

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php compo... Read more

    Affected Products : metinfo
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60451

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, ... Read more

    Affected Products : metinfo
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60452

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerabili... Read more

    Affected Products : metinfo
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60453

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows att... Read more

    Affected Products : metinfo
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-60454

    A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows att... Read more

    Affected Products : metinfo
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-56804

    An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followin... Read more

    Affected Products : video_station
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-33034

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-33039

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-33040

    An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from a... Read more

    Affected Products : qsync_central
    • Published: Oct. 03, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-59681

    An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted d... Read more

    Affected Products : django
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-61188

    Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by th... Read more

    Affected Products : jeecg_boot
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2025-61189

    Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the ... Read more

    Affected Products : jeecg_boot
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-59531

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and ca... Read more

    Affected Products : argo-cd argo_cd
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-59537

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and ca... Read more

    Affected Products : argo-cd argo_cd
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-59538

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the defa... Read more

    Affected Products : argo-cd argo_cd
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-61587

    Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate... Read more

    Affected Products : weblate
    • Published: Oct. 01, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4166 Results