Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-64493

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API. Thi... Read more

    Affected Products : suitecrm
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 0.0

    NONE
    CVE-2025-64481

    Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing ... Read more

    Affected Products : datasette
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.3

    HIGH
    CVE-2025-64490

    SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the R... Read more

    Affected Products : suitecrm
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-11967

    The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attacke... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-12399

    The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes i... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-12643

    The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphali_liqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-12913

    A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit h... Read more

    Affected Products : responsive_hotel_site
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-12914

    A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be ... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-12409

    A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-41107

    Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/online_admission', wich affects the parameters 'firstname', 'lastname', 'guardian_name' and others. This vu... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-64456

    In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation... Read more

    Affected Products : resharper
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-64682

    In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit... Read more

    Affected Products : hub
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Race Condition

  • 7.1

    HIGH
    CVE-2025-63711

    A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user d... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-63455

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 5.8

    MEDIUM
    CVE-2025-12927

    A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives_add.php. Such manipulation of the argument flags[] leads to sql injection. The attack can be executed remotely. The ... Read more

    Affected Products : dedebiz
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 5.9

    MEDIUM
    CVE-2025-43723

    Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerabilit... Read more

    Affected Products : powerscale_onefs
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cryptography

  • 8.6

    HIGH
    CVE-2025-47286

    Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrator can, by editing the configuration of the iTop instance, execute code on the server. Versions 2.7.13 and 3.2.2 escape and check the config param... Read more

    Affected Products : itop
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-12865

    U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more

    Affected Products : u-office_force
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40108

    In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enab... Read more

    Affected Products : linux_kernel
    • Published: Nov. 09, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 4.2

    MEDIUM
    CVE-2025-12729

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Mediu... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3839 Results