Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-58582

    If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to send giant payloads which are then logged.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-58581

    When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of t... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-58580

    An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-58579

    Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authentication

  • 3.8

    LOW
    CVE-2025-58578

    A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authorization

  • 9.0

    HIGH
    CVE-2025-11325

    A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing manipulation of the argument Username results in stack-based buffer overflow. ... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 06, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-11324

    A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack can... Read more

    Affected Products : ac18_firmware ac18
    • Published: Oct. 06, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-9710

    The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks.... Read more

    Affected Products : responsive_lightbox
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-9703

    The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerabi... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-57781

    The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2025-11323

    A vulnerability was determined in UTT 1250GW up to v2v3.2.2-200710. Affected is the function strcpy of the file /goform/formUserStatusRemark. This manipulation of the argument Username causes buffer overflow. Remote exploitation of the attack is possible.... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-11322

    A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak passw... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-11321

    A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument sub... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-11320

    A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-11319

    A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes sql inje... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11318

    A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the argument File results in unrestricted upload. The attack... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-11317

    A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort leads to sql injection. The attack is poss... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11316

    A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql i... Read more

    Affected Products :
    • Published: Oct. 06, 2025
    • Modified: Oct. 06, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-50538

    Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.... Read more

    Affected Products : flowise
    • Published: Oct. 06, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-29192

    Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.... Read more

    Affected Products : flowise
    • Published: Oct. 06, 2025
    • Modified: Oct. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3968 Results