Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-20751

    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interacti... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-13807

    A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of ... Read more

    Affected Products : orion-ops
    • Published: Dec. 01, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-12720

    The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to IP-based authorization that can be spoofed in the handle_enqueue_only() function in all versions up to, and including, 1.7.1. This makes it possible for unaut... Read more

    Affected Products :
    • Published: Dec. 06, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-36112

    IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.... Read more

    • Published: Nov. 24, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-20750

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-62735

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1.... Read more

    Affected Products : user_spam_remover
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-14043

    The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the `create_item_permissions_check()` function unconditionally return... Read more

    Affected Products : tainacan
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63390

    An authentication bypass vulnerability exists in AnythingLLM v1.8.5 in via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-13381

    The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all versions up to, and including, 2.7.0. This makes it pos... Read more

    Affected Products : chatgpt_assistant
    • Published: Nov. 27, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-20792

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +12 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-12492

    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members f... Read more

    Affected Products : ultimate_member
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-13636

    Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2023-53735

    WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-20791

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-56423

    An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages... Read more

    Affected Products : openatlas
    • Published: Nov. 24, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-62100

    Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-14262

    A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the... Read more

    Affected Products : business_hub
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-63047

    Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.... Read more

    Affected Products : listingpro
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-14183

    A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-14080

    The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsml_form_process AJAX ... Read more

    Affected Products : frontend_post_submission_manager
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization
Showing 20 of 4485 Results