Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-11590

    A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possibl... Read more

    Affected Products : gym_management_system
    • Published: Oct. 11, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-9554

    Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025

  • 5.3

    MEDIUM
    CVE-2025-9553

    Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-9552

    Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2025-9551

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-9550

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.... Read more

    Affected Products : facets
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-9549

    Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.... Read more

    Affected Products : facets
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-8093

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.... Read more

    Affected Products : authenticator_login
    • Published: Oct. 10, 2025
    • Modified: Oct. 15, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-62162

    cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evalu... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-62159

    External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 thro... Read more

    Affected Products : external_secrets_operator
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-52885

    Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw p... Read more

    Affected Products : poppler
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-52647

    The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.... Read more

    Affected Products : bigfix_webui
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-11626

    MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-61912

    python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-61911

    python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict... Read more

    Affected Products :
    • Published: Oct. 10, 2025
    • Modified: Oct. 14, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11589

    A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack r... Read more

    Affected Products : gym_management_system
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-11588

    A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploi... Read more

    Affected Products : gym_management_system
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11586

    A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely... Read more

    Affected Products : ac7_firmware ac7
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-11585

    A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploi... Read more

    Affected Products : project_monitoring_system
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-11584

    A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the att... Read more

    Affected Products : online_job_search_engine
    • Published: Oct. 10, 2025
    • Modified: Oct. 20, 2025
    • Vuln Type: Injection
Showing 20 of 3990 Results