Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-54165

    An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-62327

    In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 4.9

    MEDIUM
    CVE-2025-57705

    An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-59380

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We ha... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-54166

    An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-53414

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-54164

    An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2026-20029

    A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: XML External Entity

  • 4.9

    MEDIUM
    CVE-2025-68893

    Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.9

    MEDIUM
    CVE-2025-59138

    Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.9

    MEDIUM
    CVE-2025-52426

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-14719

    The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks... Read more

    Affected Products : relevanssi
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-53596

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-14830

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactory (Workers): from >=7.94.0 through <7.117.10.... Read more

    Affected Products :
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2025-53589

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2026-22242

    CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based t... Read more

    Affected Products : coreshop
    • Published: Jan. 08, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-13409

    The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient prep... Read more

    Affected Products : form_vibes
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-15121

    A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor wa... Read more

    Affected Products : jeecg_boot jeecgboot
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-53922

    Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2... Read more

    Affected Products : galette
    • Published: Dec. 19, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-68463

    Bio.Entrez in Biopython through 186 allows doctype XXE.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: XML External Entity
Showing 20 of 4608 Results