Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-63784

    An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value w... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-57698

    AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to as... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-3222

    Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-11925

    Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    • Published: Oct. 17, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-62429

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PH... Read more

    Affected Products : clipbucket
    • Published: Oct. 20, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-63783

    A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or memb... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-63689

    Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-63687

    An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users posts.... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-63686

    There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 (2020-11-23) in the document query function under the Download Center menu in the PersonManage system.... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-63551

    A Server-Side Request Forgery (SSRF) vulnerability, achievable through an XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to ... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.3

    HIGH
    CVE-2025-60541

    A Server-Side Request Forgery (SSRF) in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-58619

    Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65.... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-58592

    Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.... Read more

    Affected Products : translatepress
    • Published: Nov. 06, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Injection

  • 1.2

    LOW
    CVE-2025-58469

    A cross-site request forgery (CSRF) vulnerability has been reported to affect QuLog Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following ver... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 2.2

    LOW
    CVE-2025-58465

    A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the ... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-58464

    A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following v... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 2.3

    LOW
    CVE-2025-58463

    A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fi... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 4.0

    MEDIUM
    CVE-2025-57712

    A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability ... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 2.2

    LOW
    CVE-2025-57706

    A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vu... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.2

    LOW
    CVE-2025-54168

    A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixe... Read more

    Affected Products :
    • Published: Nov. 07, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 3924 Results