Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-47712

    A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation.... Read more

    Affected Products : xperience
    • Published: Dec. 18, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-13721

    Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-67111

    An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-51735

    CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.... Read more

    Affected Products : unica
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2018-25153

    GNU Barcode 0.99 contains a memory leak vulnerability in the command line processing function within cmdline.c. Attackers can exploit this vulnerability by providing specially crafted input that causes unfreed memory allocations, potentially leading to de... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-61729

    Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a c... Read more

    Affected Products : go
    • Published: Dec. 02, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2019-25258

    LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques i... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-68388

    Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.... Read more

    Affected Products : packetbeat
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2019-25253

    KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: XML External Entity

  • 7.5

    HIGH
    CVE-2025-11789

    Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the param... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-13295

    Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.9.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-13724

    The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of ... Read more

    Affected Products : vikrentcar
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-68568

    Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels.T... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-58479

    Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Dec. 02, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-68576

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-68606

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.... Read more

    Affected Products : postx
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-68516

    Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-3232

    A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2018-25129

    SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through ... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-59789

    Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json ... Read more

    Affected Products : brpc
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4912 Results