Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-61781

    OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and in... Read more

    Affected Products : opencti
    • Published: Jan. 05, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 5.7

    MEDIUM
    CVE-2025-59955

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v... Read more

    Affected Products : coolify
    • Published: Jan. 05, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2025-59158

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An... Read more

    Affected Products : coolify
    • Published: Jan. 05, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-59157

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitize... Read more

    Affected Products : coolify
    • Published: Jan. 05, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-59156

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE)*vulnerability exists in Coolify's application deployment workflow. This flaw allows a low-... Read more

    Affected Products : coolify
    • Published: Jan. 05, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-55204

    muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attacker can exploit this issue by embedding a specially crafted `muffon://` link on any website they ... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-43320

    The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.3. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-66845

    A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitr... Read more

    Affected Products : techstore
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-45493

    Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.... Read more

    Affected Products : ex8000_firmware ex8000
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-58052

    Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role... Read more

    Affected Products : galette
    • Published: Dec. 19, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-58053

    Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.... Read more

    Affected Products : galette
    • Published: Dec. 19, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-63665

    An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.... Read more

    Affected Products : gt_edge_ai
    • Published: Dec. 19, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-14591

    In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause ... Read more

    Affected Products : delphix_continuous_compliance
    • Published: Dec. 20, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-65270

    Reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser.... Read more

    Affected Products : captivate_electronic_data_capture
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-35321

    MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.... Read more

    Affected Products : mynet
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.7

    MEDIUM
    CVE-2025-26787

    An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user ... Read more

    Affected Products : signserver
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-63662

    Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.... Read more

    Affected Products : gt_edge_ai
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-63663

    Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.... Read more

    Affected Products : gt_edge_ai
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63664

    Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.... Read more

    Affected Products : gt_edge_ai
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-21635

    An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization
Showing 20 of 5152 Results