Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-7711

    The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that d... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-52578

    Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.3... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-12775

    The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due to the chunked upload functionality writing files directly to the uplo... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-40548

    A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-12823

    The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-64756

    Glob matches files using patterns the shell uses. From versions 10.3.7 to 11.0.3, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob ... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13253

    A vulnerability was determined in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /add_librarian.php. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out ... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-10460

    A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnera... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13300

    A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remote... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-12457

    The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-13165

    EasyFlow GP developed by Digiwin has a Denial of service vulnerability, allowing unauthenticated remote attackers to send specific requests that result in denial of web service.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-8609

    The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-44654

    PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-36553

    A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue ... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-12088

    The Meta Display Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meta Display Block in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-31649

    A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged op... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-13286

    A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argument ID results in sql injection. Remote exploitation of t... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-13305

    A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffe... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.5

    MEDIUM
    CVE-2025-55058

    CWE-20 Improper Input Validation... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025

  • 2.4

    LOW
    CVE-2025-64734

    Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. Thi... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3835 Results