Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-13427

    An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initial... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-64676

    '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.... Read more

    Affected Products : office_purview
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025

  • 8.6

    HIGH
    CVE-2025-13008

    An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.... Read more

    Affected Products : m-files_server
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Information Disclosure

  • 6.8

    MEDIUM
    CVE-2023-30971

    Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-68278

    Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrar... Read more

    Affected Products : tina
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-64282

    Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-53710

    Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundr... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Misconfiguration

  • 5.6

    MEDIUM
    CVE-2025-14267

    Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7... Read more

    Affected Products : m-files_server
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-14455

    The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery manag... Read more

    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-1885

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing.This issue affects Online Food Delivery System: through 19122025.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Misconfiguration

  • 3.8

    LOW
    CVE-2025-14881

    Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.... Read more

    Affected Products : pretix
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-66905

    The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and rea... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Path Traversal

  • 7.4

    HIGH
    CVE-2025-14809

    ArcSearch for Android versions prior to 1.12.6 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2024-49587

    Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and au... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-65037

    Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.... Read more

    Affected Products : azure_container_apps
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025

  • 3.1

    LOW
    CVE-2025-65046

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025

  • 8.8

    HIGH
    CVE-2024-58279

    appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell wit... Read more

    Affected Products : apprain
    • Published: Dec. 10, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-58281

    Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command exe... Read more

    Affected Products : dotclear
    • Published: Dec. 10, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2024-58282

    Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a ... Read more

    Affected Products : serendipity
    • Published: Dec. 10, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2024-58284

    PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell t... Read more

    Affected Products : popojicms
    • Published: Dec. 10, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection
Showing 20 of 4923 Results