Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-13395

    A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. ... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-59117

    Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. The... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-9312

    A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain defaul... Read more

    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-63994

    An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-12349

    The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perfo... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authorization

  • 4.7

    MEDIUM
    CVE-2025-58412

    A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or... Read more

    Affected Products : fortiadc
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-12760

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6.... Read more

    Affected Products : drupal email_tfa
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-13080

    Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.... Read more

    Affected Products : drupal
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-65026

    esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is ... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-63602

    A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This is due to the implementation of an insecure version of WinRing0 (1.2.0.5, renamed to I... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2024-8528

    Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-12484

    The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple social media username parameters in all versions up to, and includ... Read more

    Affected Products : rafflepress
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-63879

    A reflected cross-site scripted (XSS) vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into th... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-63829

    eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-34330

    AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-13206

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63604

    A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the execute_query method. The vulnerability stems from the exposure of dangerous Python bui... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-59115

    Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation. Malicious attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting logs page by admin. ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 1.9

    LOW
    CVE-2025-54821

    An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1... Read more

    Affected Products : fortios fortipam
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-63217

    The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Authentication
Showing 20 of 3966 Results