Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-12874

    Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vecto... Read more

    Affected Products : coexistence_manager_for_notes
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-14954

    A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The man... Read more

    Affected Products : open5gs
    • Published: Dec. 19, 2025
    • Modified: Dec. 28, 2025
    • Vuln Type: Denial of Service

  • 6.3

    MEDIUM
    CVE-2025-66522

    A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-... Read more

    Affected Products : pdf_editor_cloud
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2025-15151

    A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack i... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-15398

    A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The at... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-15108

    A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded ... Read more

    Affected Products : pandax
    • Published: Dec. 27, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cryptography

  • 6.3

    MEDIUM
    CVE-2025-66520

    A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a resu... Read more

    Affected Products : pdf_editor_cloud
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.3

    MEDIUM
    CVE-2026-21860

    Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as... Read more

    Affected Products : werkzeug
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 6.3

    MEDIUM
    CVE-2026-22024

    CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more

    Affected Products : cryptolib
    • Published: Jan. 10, 2026
    • Modified: Jan. 10, 2026
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2025-68950

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any sit... Read more

    Affected Products : imagemagick
    • Published: Dec. 30, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-65410

    A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.... Read more

    Affected Products : unrtf
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-52516

    An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.... Read more

    • Published: Jan. 05, 2026
    • Modified: Jan. 09, 2026
    • Vuln Type: Memory Corruption

  • 6.2

    MEDIUM
    CVE-2024-29720

    An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function.... Read more

    Affected Products : sciter
    • Published: Dec. 26, 2025
    • Modified: Jan. 09, 2026
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2025-36154

    IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.... Read more

    Affected Products : concert
    • Published: Dec. 24, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Information Disclosure

  • 6.2

    MEDIUM
    CVE-2025-68401

    ChurchCRM is an open-source church management system. Prior to version 6.0.0, the application stores user-supplied HTML/JS without sufficient sanitization/encoding. When other users later view this content, attacker-controlled JavaScript executes in their... Read more

    Affected Products : churchcrm
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.2

    MEDIUM
    CVE-2025-65835

    The Cordova plugin cordova-plugin-x-socialsharing (SocialSharing-PhoneGap-Plugin) for Android 6.0.4, registers an exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent with an android.intent.action.SEND intent filter. The onReceive im... Read more

    Affected Products : android cordova_social_sharing
    • Published: Dec. 15, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Denial of Service

  • 6.2

    MEDIUM
    CVE-2025-13532

    Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms.  This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a ... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cryptography

  • 6.2

    MEDIUM
    CVE-2025-66173

    There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected product... Read more

    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-67711

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-13624

    The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4210 Results