Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-41017

    Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras/<CAMERA_ID>/perspective”.... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-12394

    The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable witho... Read more

    Affected Products : backup_migration
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure

  • 8.6

    HIGH
    CVE-2025-12816

    An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptogr... Read more

    Affected Products : forge
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2025-13467

    A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.... Read more

    Affected Products : keycloak
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 2.7

    LOW
    CVE-2025-13596

    A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error ... Read more

    Affected Products : ciges
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-12629

    The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : broken_link_manager
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-13589

    FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-51741

    An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2025-55074

    Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects... Read more

    Affected Products : mattermost_server
    • Published: Nov. 18, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-13316

    Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password... Read more

    Affected Products : linux_kernel windows twonky_server
    • Published: Nov. 19, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-65099

    Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog... Read more

    Affected Products : claude_code
    • Published: Nov. 19, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-13415

    A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate th... Read more

    Affected Products : easyimages2.0
    • Published: Nov. 19, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-13443

    A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the ... Read more

    Affected Products : mall
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-60796

    phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations i... Read more

    Affected Products : phppgadmin
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-60797

    phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->c... Read more

    Affected Products : phppgadmin
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-60798

    phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attack... Read more

    Affected Products : phppgadmin
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-60799

    phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject', 'server', 'database', 'qu... Read more

    Affected Products : phppgadmin
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-62709

    ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the incoming HTTP Host header when the configuration base_url is not set. Be... Read more

    Affected Products : clipbucket
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-48986

    Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.... Read more

    Affected Products : revive_adserver
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2025-48987

    Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.... Read more

    Affected Products : revive_adserver
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4263 Results