Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.1

HIGH

CVE-2025-64784

DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Expl...

Affected Products : macos windows dng_software_development_kit
Published: Dec. 09, 2025

Modified: Dec. 10, 2025

Vuln Type: Memory Corruption
7.1

HIGH

CVE-2025-41746

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulner...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-13072

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

Affected Products :
Published: Dec. 10, 2025

Modified: Dec. 12, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-49341

Cross-Site Request Forgery (CSRF) vulnerability in Alex Furr PDF Creator Lite pdf-creator-lite allows Stored XSS.This issue affects PDF Creator Lite: from n/a through <= 1.2....

Affected Products :
Published: Dec. 09, 2025

Modified: Dec. 11, 2025

Vuln Type: Cross-Site Request Forgery
7.1

HIGH

CVE-2025-41695

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerabilit...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41745

An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnera...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-49347

Cross-Site Request Forgery (CSRF) vulnerability in Jupitercow WP sIFR wp-sifr allows Stored XSS.This issue affects WP sIFR: from n/a through <= 0.6.8.1....

Affected Products :
Published: Dec. 09, 2025

Modified: Dec. 11, 2025

Vuln Type: Cross-Site Request Forgery
7.1

HIGH

CVE-2025-1161

Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025....

Affected Products :
Published: Dec. 10, 2025

Modified: Dec. 12, 2025

Vuln Type: Authorization
7.1

HIGH

CVE-2025-67534

Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7....

Affected Products :
Published: Dec. 09, 2025

Modified: Dec. 10, 2025

Vuln Type: Cross-Site Request Forgery
7.1

HIGH

CVE-2025-63030

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.0....

Affected Products : new_user_approve
Published: Dec. 09, 2025

Modified: Dec. 10, 2025

Vuln Type: Cross-Site Request Forgery
7.1

HIGH

CVE-2025-41749

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability ...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41747

An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulne...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41748

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabili...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-14261

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack....

Affected Products : litmus
Published: Dec. 08, 2025

Modified: Dec. 09, 2025

Vuln Type: Authentication
7.1

HIGH

CVE-2025-62570

Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally....

Affected Products : windows_11_24h2 windows_server_2025 windows_11_25h2
Published: Dec. 09, 2025

Modified: Dec. 10, 2025
7.1

HIGH

CVE-2025-23458

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0....

Affected Products :
Published: Dec. 30, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2018-25146

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidde...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization
7.1

HIGH

CVE-2019-25256

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsy...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Path Traversal
7.1

HIGH

CVE-2018-25145

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www...

Affected Products :
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Information Disclosure
7.1

HIGH

CVE-2025-66445

Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Adviso...

Affected Products : infrastructure_analytics_advisor ops_center_analyzer
Published: Dec. 24, 2025

Modified: Dec. 29, 2025

Vuln Type: Authorization

Showing 20 of 5227 Results

Browse by Apps

Latest CVE Feed

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

7.1

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable