Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-13243

    A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public a... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-13239

    A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submit_checkout. Such manipulation of the argument order_total_amount/... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 3.7

    LOW
    CVE-2025-54559

    An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-13172

    A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotel... Read more

    Affected Products : gym_management_system
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-54346

    A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-64084

    An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authentic... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-13244

    A vulnerability was determined in code-projects Student Information System 2.0. The affected element is an unknown function of the file /register.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The explo... Read more

    Affected Products :
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-13208

    A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName res... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-12482

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of s... Read more

    Affected Products : amelia
    • Published: Nov. 16, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-63680

    Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creati... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-13202

    A security flaw has been discovered in code-projects Simple Cafe Ordering System 1.0. This affects an unknown part of the file /add_to_cart. Performing manipulation of the argument product_name results in cross site scripting. It is possible to initiate t... Read more

    Affected Products : simple_cafe_ordering_system
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.1

    LOW
    CVE-2025-4617

    An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigat... Read more

    Affected Products : prisma_browser
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-62765

    General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-13179

    A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed ... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.1

    LOW
    CVE-2025-7736

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-11865

    An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker to remove Duo flows of another user.... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-13199

    A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '../filedir'. The attack is only possible with local acces... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-63725

    Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-12849

    The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the `cg_check_wp_admin_upload_v10` AJAX action for both authenticated and unauthenticated us... Read more

    Affected Products :
    • Published: Nov. 15, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authorization

  • 3.8

    LOW
    CVE-2025-54560

    A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure.... Read more

    Affected Products :
    • Published: Nov. 14, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 3927 Results