Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-54751

    Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.... Read more

    Affected Products : postx
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-68879

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Councilsoft Content Grid Slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68876

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-13355

    The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : url_shortify
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2018-25145

    Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-64203

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster allows Reflected XSS.This issue affects Mailster: from n/a through < 4.1.14.... Read more

    Affected Products : mailster
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-4677

    Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-1927

    Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Cross Site Request Forgery.This issue affects Online Food Delivery System: through 19122025.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-4675

    Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026

  • 7.1

    HIGH
    CVE-2025-14737

    Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-13823

    A security issue was found in the IPv6 stack in the Micro850 and Micro870 controllers when the controllers received multiple malformed packets during fuzzing. The controllers will go into recoverable fault with fault code 0xFE60. To recover the controller... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-60182

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board supportboard allows Reflected XSS.This issue affects Support Board: from n/a through < 3.8.7.... Read more

    Affected Products : support_board
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64189

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6.... Read more

    Affected Products : xstore_core
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64191

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through < 9.6.1.... Read more

    Affected Products : xstore
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-14701

    An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.... Read more

    Affected Products : crafty_controller
    • Published: Dec. 17, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-15235

    QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-8872

    On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on... Read more

    Affected Products : eos
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-64217

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through <= 7.7.2.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64260

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Milesi ANAC XML Bandi di Gara avcp allows Reflected XSS.This issue affects ANAC XML Bandi di Gara: from n/a through <= 7.7.... Read more

    Affected Products : anac_xml_bandi_di_gara
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64376

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through < 2.9.10.... Read more

    Affected Products : listingpro
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4195 Results