Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-12482

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of s... Read more

    Affected Products : amelia
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-63291

    When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the sp... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2021-4466

    IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the EMAIL_PW parameter, direct... Read more

    Affected Products : ipcop
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-13186

    A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/manage_customer. This manipulation of the argument Search causes cross sit... Read more

    Affected Products : isshue
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.1

    LOW
    CVE-2025-4616

    An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2021-4469

    Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote at... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-62765

    General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-64307

    The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, c... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-13238

    A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-13033

    A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This ca... Read more

    Affected Products : nodemailer
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-55034

    General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-12182

    The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the `resize_image_callback()` function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user h... Read more

    Affected Products : qi_blocks
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-13187

    A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The at... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-9317

    The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.... Read more

    Affected Products : aveva_edge
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-64308

    The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-8386

    The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in hor... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-13208

    A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName res... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-13221

    A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-13164

    EasyFlow GP developed by Digiwin has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to obtain plaintext credentials of AD and system mail from the system frontend.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-12457

    The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3937 Results