Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-12519

    Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configu... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.9

    MEDIUM
    CVE-2025-15455

    A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be c... Read more

    Affected Products : minicms
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-64121

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 9.2

    CRITICAL
    CVE-2026-21440

    AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser throug... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-67159

    Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cryptography

  • 6.8

    MEDIUM
    CVE-2025-12513

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2023-50897

    Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7.... Read more

    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-64125

    A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.... Read more

    Affected Products :
    • Published: Jan. 03, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-67303

    An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-67315

    Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.9

    MEDIUM
    CVE-2025-3654

    Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and... Read more

    Affected Products :
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2026-21634

    A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). ... Read more

    Affected Products : unifi_protect
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Denial of Service

  • 6.8

    MEDIUM
    CVE-2025-13056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects I... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-15439

    A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injec... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2026-21483

    listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Supe... Read more

    Affected Products : listmonk
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2026-0587

    A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The a... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68760

    In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show In iommu_mmio_write(), it validates the user-provided offset with the check: `iommu->dbg_mmio_offset > iommu->mmio_phys_en... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21444

    libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vect... Read more

    Affected Products : libtpms
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-15450

    A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospital... Read more

    Affected Products : hosp_order
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-15453

    A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote ex... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection
Showing 20 of 4310 Results