Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-66039

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, ... Read more

    Affected Products : freepbx
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2021-47719

    COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebVi... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-65882

    An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-65741

    Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-36437

    IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system.... Read more

    Affected Products : planning_analytics_local
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.1

    MEDIUM
    CVE-2021-47729

    Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted paylo... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2021-47728

    Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain ww... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-67489

    @vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decod... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-67485

    mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2021-47727

    Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2021-47706

    COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 6.6

    MEDIUM
    CVE-2025-67499

    The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is c... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-13955

    Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-13339

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbit... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2020-36885

    Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-14087

    A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input ... Read more

    Affected Products : glib
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 8.5

    HIGH
    CVE-2025-12046

    A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.... Read more

    Affected Products : app_store browser
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 4.9

    MEDIUM
    CVE-2025-13677

    The Simple Download Counter plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.2.2. This is due to insufficient path validation in the `simple_download_counter_parse_path()` function. This makes it possible for au... Read more

    Affected Products : simple_download_counter
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2020-36883

    SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techni... Read more

    Affected Products : fusion_digital_signage
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-13953

    Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through a local WebSocket, but the web application does not properly validat... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 5303 Results