Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2025-61659

    bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-7104

    A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields withou... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-58385

    In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-11069

    A vulnerability was determined in westboy CicadasCMS 1.0. Affected by this issue is some unknown functionality of the file /system/org/save of the component Add Department Handler. This manipulation of the argument Name causes cross site scripting. The at... Read more

    Affected Products : cicadascms
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-10657

    In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature https://docs.doc... Read more

    Affected Products : desktop
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-10342

    HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-11070

    A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is ... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11040

    A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The a... Read more

    Affected Products : hostel_management_system
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11052

    A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack c... Read more

    Affected Products :
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-11139

    A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of... Read more

    Affected Products : zhiyou_erp
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-11140

    A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity ... Read more

    Affected Products : zhiyou_erp
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: XML External Entity

  • 4.8

    MEDIUM
    CVE-2025-11067

    A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitat... Read more

    Affected Products : visitor_management_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-11055

    A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotel... Read more

    Affected Products : online_hotel_reservation_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-11155

    The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.... Read more

    Affected Products :
    • Published: Sep. 29, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Cryptography

  • 9.9

    CRITICAL
    CVE-2025-55187

    In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-11054

    A security vulnerability has been detected in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/category/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack may b... Read more

    Affected Products : open_source_job_portal
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11066

    A flaw has been found in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/bidlist.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploi... Read more

    Affected Products : online_bidding_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11062

    A vulnerability was determined in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/save_student.php. Executing manipulation of the argument class_id can lead to sql injection. The attack may be pe... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11032

    A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql inj... Read more

    Affected Products :
    • Published: Sep. 26, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-11077

    A vulnerability was determined in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/add_content.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be executed remot... Read more

    Affected Products : online_learning_management_system
    • Published: Sep. 27, 2025
    • Modified: Sep. 29, 2025
    • Vuln Type: Injection
Showing 20 of 4246 Results