Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-10762

    A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-10181

    The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This mak... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-39846

    In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is ... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-10768

    A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be ... Read more

    Affected Products : h2o
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-10770

    A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation... Read more

    Affected Products : jimureport
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-53692

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experie... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-10718

    A vulnerability was found in Ooma Office Business Phone App up to 7.2.2 on Android. This affects an unknown part of the component com.ooma.office2. The manipulation results in improper export of android application components. The attack needs to be appro... Read more

    Affected Products :
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-10769

    A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be laun... Read more

    Affected Products : h2o
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-10778

    A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-39862

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211_rest... Read more

    Affected Products : linux_kernel
    • Published: Sep. 19, 2025
    • Modified: Sep. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-10764

    A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to ser... Read more

    Affected Products :
    • Published: Sep. 21, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-10652

    The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of suffic... Read more

    Affected Products :
    • Published: Sep. 20, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-10776

    A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-10787

    A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may ... Read more

    Affected Products : muyucms
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-57985

    Missing Authorization vulnerability in MantraBrain Ultimate Watermark allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Watermark: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-57989

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brajesh Singh WordPress Widgets Shortcode allows Stored XSS. This issue affects WordPress Widgets Shortcode: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-57980

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS. This issue affects Safety Exit: from n/a through 1.8.0.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-57981

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.3.1.... Read more

    Affected Products : wp_social_widget
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-57969

    Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hide WP Toolbar: from n/a through 2.7.... Read more

    Affected Products :
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-57961

    Missing Authorization vulnerability in Codexpert, Inc CoDesigner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoDesigner: from n/a through 4.25.2.... Read more

    Affected Products : codesigner
    • Published: Sep. 22, 2025
    • Modified: Sep. 22, 2025
    • Vuln Type: Authorization
Showing 20 of 4533 Results