Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-59384

    A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Path Traversal

  • 4.6

    MEDIUM
    CVE-2025-59381

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We ha... Read more

    Affected Products : qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-11157

    A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the u... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-67710

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : arcgis_server
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-45286

    A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 1.2

    LOW
    CVE-2025-53405

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2025-14627

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink ... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Server-Side Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-67704

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : arcgis_server
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-66023

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). The vulnerability is tr... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-59389

    An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Da... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-34469

    Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to a... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Server-Side Request Forgery

  • 1.2

    LOW
    CVE-2025-53589

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 1.3

    LOW
    CVE-2025-52872

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerab... Read more

    Affected Products : qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 5.6

    MEDIUM
    CVE-2025-67706

    ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.... Read more

    Affected Products : arcgis_server
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2026-0544

    A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The ... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 1.2

    LOW
    CVE-2025-52430

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more

    Affected Products : qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Denial of Service

  • 1.2

    LOW
    CVE-2025-62852

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed th... Read more

    Affected Products : qts
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-13820

    The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2025-9110

    An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have alre... Read more

    Affected Products : qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure

  • 4.6

    MEDIUM
    CVE-2025-54166

    An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more

    Affected Products : qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 5018 Results