Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2025-15153

    A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attac... Read more

    Affected Products : pbootcms
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Path Traversal
  • 6.3

    MEDIUM
    CVE-2025-15151

    A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack i... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration
  • 6.3

    MEDIUM
    CVE-2025-14954

    A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The man... Read more

    Affected Products : open5gs
    • Published: Dec. 19, 2025
    • Modified: Dec. 28, 2025
    • Vuln Type: Denial of Service
  • 6.3

    MEDIUM
    CVE-2025-52599

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware f... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization
  • 6.3

    MEDIUM
    CVE-2025-66519

    A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without prope... Read more

    Affected Products : pdf_editor_cloud
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2025-66501

    A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM withou... Read more

    Affected Products : pdf_editor_cloud
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.3

    MEDIUM
    CVE-2025-14177

    In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk m... Read more

    Affected Products : php
    • Published: Dec. 27, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure
  • 6.2

    MEDIUM
    CVE-2025-29864

    Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.... Read more

    Affected Products : alzip
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration
  • 6.2

    MEDIUM
    CVE-2024-29720

    An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure
  • 6.2

    MEDIUM
    CVE-2025-66173

    There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected product... Read more

    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication
  • 6.2

    MEDIUM
    CVE-2025-66311

    This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] e... Read more

    Affected Products : grav grav-plugin-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.2

    MEDIUM
    CVE-2025-66312

    This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/group... Read more

    Affected Products : grav grav-plugin-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.2

    MEDIUM
    CVE-2025-36154

    IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.... Read more

    Affected Products : concert
    • Published: Dec. 24, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Information Disclosure
  • 6.2

    MEDIUM
    CVE-2025-66309

    This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page... Read more

    Affected Products : grav grav-plugin-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.2

    MEDIUM
    CVE-2025-62686

    A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exp... Read more

    Affected Products : macos installation_manager
    • Published: Dec. 03, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration
  • 6.2

    MEDIUM
    CVE-2025-65410

    A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Denial of Service
  • 6.2

    MEDIUM
    CVE-2025-55076

    A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a... Read more

    Affected Products : macos installation_manager
    • Published: Dec. 03, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication
  • 6.2

    MEDIUM
    CVE-2025-66310

    This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/[page] e... Read more

    Affected Products : grav grav-plugin-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.2

    MEDIUM
    CVE-2025-66325

    Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization
  • 6.2

    MEDIUM
    CVE-2025-61822

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary location... Read more

    Affected Products : coldfusion
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal
Showing 20 of 5334 Results