Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-7647

    The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability ... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-8014

    Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource e... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-11069

    A vulnerability was determined in westboy CicadasCMS 1.0. Affected by this issue is some unknown functionality of the file /system/org/save of the component Add Department Handler. This manipulation of the argument Name causes cross site scripting. The at... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-11068

    A vulnerability was found in westboy CicadasCMS 1.0. Affected by this vulnerability is an unknown functionality of the file /system/cms/category/save. The manipulation of the argument categoryName results in cross site scripting. The attack can be execute... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-11067

    A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitat... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-11066

    A flaw has been found in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/bidlist.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploi... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11064

    A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Impacted is an unknown function of the file /admin/teachers.php. The manipulation of the argument department results in sql injection. It is possible to launch the att... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11063

    A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/edit_department.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11062

    A vulnerability was determined in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/save_student.php. Executing manipulation of the argument class_id can lead to sql injection. The attack may be pe... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11061

    A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/edit_student.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out ... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11057

    A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/print_inv.php. Such manipulation of the argument ID leads to sql injection. The attack can be ex... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11056

    A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file owner_panel/fetch-data/select-students.php. This manipulation of the argument select causes sql injection. Re... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11055

    A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotel... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11054

    A security vulnerability has been detected in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/category/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack may b... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11053

    A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has bee... Read more

    Affected Products : small_crm
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-9944

    The Professional Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the watch_for_contact_form_submit function. This makes it p... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-9899

    The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feed... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-9898

    The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cforms_api function. This makes it possibl... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-9896

    The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated at... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-9894

    The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticat... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 27, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 4355 Results