Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2020-36909

    SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/e... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-11723

    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back s... Read more

    Affected Products : simply_schedule_appointments
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-14996

    The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to up... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-4776

    The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : phlox
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-0980

    Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-15385

    Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2020-36912

    Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary web... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2020-36908

    SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2020-36920

    iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2020-36922

    Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations,... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-39477

    Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.... Read more

    Affected Products : injob
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-59379

    DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-14552

    The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-14053

    The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.9

    MEDIUM
    CVE-2026-20029

    A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: XML External Entity

  • 6.8

    MEDIUM
    CVE-2026-22537

    The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-61492

    A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 1.8

    LOW
    CVE-2025-12776

    The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secur... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-47369

    Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-14835

    The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products : wp_photo_album_plus
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4269 Results