Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-14830

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactory (Workers): from >=7.94.0 through <7.117.10.... Read more

    Affected Products :
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-15453

    A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote ex... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2025-9543

    The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-66518

    Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68754

    In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manuall... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68762

    In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-65212

    An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core c... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-7048

    On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption ... Read more

    Affected Products : eos
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2025-15385

    Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-67397

    An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-32304

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2026-0641

    A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be i... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2020-36908

    SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-31088

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPShop.Ru AdsPlace'r – Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS.This issue affects AdsPlace'r – Ad Manager, Inserter, AdSense Ads: f... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13964

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthent... Read more

    Affected Products : learnpress
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-14120

    The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, wi... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-36589

    Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access t... Read more

    Affected Products : unisphere_for_powermax
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: XML External Entity

  • 8.8

    HIGH
    CVE-2025-47553

    Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-60534

    Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credential... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-63082

    Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.... Read more

    Affected Products : joomla\!
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4287 Results