Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-6171

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by a... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2025-6945

    GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hi... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-7000

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessin... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-13239

    A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkout. Such manipulation of the argument order_total_amount/... Read more

    Affected Products : isshue
    • Published: Nov. 16, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-13250

    A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotel... Read more

    Affected Products : datax-web
    • Published: Nov. 16, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-13251

    A flaw has been found in WeiYe-Jing datax-web up to 2.1.2. Affected is an unknown function. Executing manipulation can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.... Read more

    Affected Products : datax-web
    • Published: Nov. 16, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-11681

    Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.... Read more

    Affected Products : m-files_server
    • Published: Nov. 17, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-13267

    A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can b... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-63708

    Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism wh... Read more

    Affected Products : ai_font_matcher
    • Published: Nov. 17, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-13297

    A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads to sql injection. The attack can be exe... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-55124

    Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-55123

    Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-52671

    Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-52670

    Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-52669

    Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-52668

    Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-52667

    Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2025-52666

    Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-48987

    Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-48986

    Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.... Read more

    Affected Products :
    • Published: Nov. 20, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Authorization
Showing 20 of 3912 Results