Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-15186

    A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch t... Read more

    Affected Products : refugee_food_management_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-15190

    A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. ... Read more

    Affected Products : dwr-m920_firmware
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-57460

    File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-65570

    A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an addit... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-68929

    Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link. This could lead to a malicious template being executed on th... Read more

    Affected Products : frappe
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-15193

    A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried o... Read more

    Affected Products : dwr-m920_firmware
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-68928

    Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known wo... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-32095

    Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-32096

    Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2025-66378

    Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-15082

    A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is pos... Read more

    Affected Products :
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2025-68935

    ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.... Read more

    Affected Products : document_server
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-15092

    A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exp... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-15094

    A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing man... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-15095

    A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit h... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-15097

    A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit ... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-68942

    Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.... Read more

    Affected Products : gitea
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-15099

    A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper ... Read more

    Affected Products : sim
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-62578

    DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cryptography

  • 6.7

    MEDIUM
    CVE-2025-36192

    IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to mi... Read more

    Affected Products : ds8900f_firmware
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization
Showing 20 of 5224 Results