Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-41102

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'.... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Nov. 11, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-41103

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'.... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Nov. 11, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-41104

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estim... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Nov. 11, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-64046

    OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-41105

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Nov. 11, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-41106

    HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Nov. 11, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-4321

    In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard reset will bring the device to normal operation... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-13287

    A weakness has been identified in itsourcecode Online Voting System 1.0. This affects an unknown function of the file /index.php?page=categories. Executing manipulation of the argument id/category can lead to sql injection. The attack can be executed remo... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-13190

    A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performe... Read more

    Affected Products : dir-816l_firmware
    • Published: Nov. 15, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13189

    A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack is possible to be carried ou... Read more

    Affected Products : dir-816l_firmware
    • Published: Nov. 15, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-13286

    A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argument ID results in sql injection. Remote exploitation of t... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13285

    A vulnerability was identified in itsourcecode Online Voting System 1.0. The affected element is an unknown function of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploi... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-11681

    Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-13280

    A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The impacted element is an unknown function of the file /index.php of the component Login. Executing manipulation of the argument Username can lead to sql injection. The attack may b... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13279

    A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remot... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13278

    A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefrom/dateto leads to sql injection. The attack can be laun... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-60500

    QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of a... Read more

    Affected Products : smart_school
    • Published: Oct. 21, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-56799

    Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user wer... Read more

    Affected Products : reolink
    • Published: Oct. 21, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-56800

    Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password i... Read more

    Affected Products : reolink
    • Published: Oct. 21, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-56801

    The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration dat... Read more

    Affected Products : reolink
    • Published: Oct. 21, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Cryptography
Showing 20 of 3681 Results