Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2026-0649

    A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-69333

    Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.8.1.1.... Read more

    Affected Products : jetengine
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-4676

    Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2025-47337

    Memory corruption while accessing a synchronization object during concurrent operations.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-4677

    Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-14804

    The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server... Read more

    Affected Products : frontend_file_manager_plugin
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-15479

    Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users wit... Read more

    Affected Products : ngsurvey
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-14112

    The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-6225

    Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in versi... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-32303

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2026-21856

    The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker t... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-13722

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform... Read more

    Affected Products : contact_form
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-13418

    The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products : responsive_pricing_table
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2026-22543

    The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-58441

    Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is n... Read more

    Affected Products : knowage
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2019-25268

    NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by p... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2026-21697

    axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the sha... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Race Condition

  • 5.3

    MEDIUM
    CVE-2019-25259

    Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized acti... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-62224

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.... Read more

    Affected Products : edge
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026

  • 9.2

    CRITICAL
    CVE-2026-22034

    Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and co... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4576 Results