Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-41086

    Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the... Read more

    Affected Products : gams
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-41066

    Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including ... Read more

    Affected Products : groupware
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-41015

    User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapactio... Read more

    Affected Products : gim
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 6.9

    MEDIUM
    CVE-2025-41014

    User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapactio... Read more

    Affected Products : gim
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-41013

    SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.... Read more

    Affected Products : gim
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-13731

    The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-13295

    Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.9.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-41012

    Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockU... Read more

    Affected Products : gim
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-40700

    Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exp... Read more

    Affected Products : governalia
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-13879

    Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/a... Read more

    Affected Products : solidserver_ipam
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-12465

    A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but... Read more

    Affected Products : quick.cms
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-11789

    Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the param... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-11788

    Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function ret... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-11787

    Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-11786

    Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, a... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-11785

    Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieve... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-11784

    Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-11783

    Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This c... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-11782

    Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (6... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.6

    HIGH
    CVE-2025-11781

    Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or ... Read more

    Affected Products : circutor
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cryptography
Showing 20 of 3313 Results