Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-56382

    A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing custom... Read more

    Affected Products : salepro_pos
    • Published: Oct. 06, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-56551

    An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.... Read more

    Affected Products : directadmin
    • Published: Oct. 03, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-11719

    Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144.... Read more

    Affected Products : firefox thunderbird windows
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 4.7

    MEDIUM
    CVE-2025-55971

    TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the UPnP MediaRenderer service (AVTransport:1). The devic... Read more

    Affected Products : 65c655_firmware 65c655
    • Published: Oct. 03, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-60307

    code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-60305

    SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2025-11731

    A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in... Read more

    Affected Products :
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-11717

    When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Fi... Read more

    Affected Products : android firefox
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-11718

    When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox < 144.... Read more

    Affected Products : android firefox
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-11720

    The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from ... Read more

    Affected Products : android firefox
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-11721

    Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbi... Read more

    Affected Products : firefox thunderbird
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-10243

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-10985

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-10986

    Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-10242

    OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager_mobile
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-26008

    An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 th... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2024-33507

    An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote u... Read more

    Affected Products : fortiisolator
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-47569

    A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, For... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Information Disclosure

  • 7.0

    HIGH
    CVE-2024-48891

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a... Read more

    Affected Products : fortisoar fortisoaron-premise
    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-50571

    A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15, 6.2.0 through 6.2.17, FortiManager Cloud 7.6.2, 7.4.1 through 7.4.5, 7.2.1 through 7.2.8, 7.0.1 th... Read more

    • Published: Oct. 14, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3814 Results