Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2023-53869

    WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-14758

    Incorrect configuration of replication security in the MariaDB component of the infra-operator in YAOOK Operator allows an on-path attacker to read database contents, potentially including credentials... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-14443

    A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP addr... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-13956

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated att... Read more

    Affected Products : learnpress
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-13439

    The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the fpd_custom_uplod_file AJAX act... Read more

    Affected Products : fancy_product_designer
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-14335

    A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation of the argument sy leads to sql injection. It is possible to initia... Read more

    Affected Products : student_management_system
    • Published: Dec. 09, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14336

    A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of the argument sy results in sql injection. It is possible to launch the attack remot... Read more

    Affected Products : student_management_system
    • Published: Dec. 09, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14611

    Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file incl... Read more

    Affected Products : centrestack triofox
    • Actively Exploited
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-11393

    A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific r... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 2.9

    LOW
    CVE-2025-67899

    uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.... Read more

    Affected Products : uriparser
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-43467

    This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-43466

    An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-43464

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-43461

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 3.3

    LOW
    CVE-2025-43404

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 5.2

    MEDIUM
    CVE-2025-43393

    A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-43388

    An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-43381

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-43351

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-59803

    Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal.... Read more

    Affected Products : macos windows pdf_editor pdf_reader
    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4917 Results