Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2021-47714

    Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read ... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2021-47713

    Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and m... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-66736

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resu... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-66735

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-65817

    LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-67418

    ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default cred... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-67291

    A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-67290

    A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-65837

    PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-65790

    A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG contain... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2024-27708

    Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2024-25812

    MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the src parameter.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-67288

    An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-63664

    Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63663

    Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-63662

    Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.7

    MEDIUM
    CVE-2025-26787

    An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets a property of "allowany" to allow any user ... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-15033

    A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through po... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-35321

    MyNET up to v26.08 was discovered to contain a Reflected cross-site scripting (XSS) vulnerability via the msgtipo parameter.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-25814

    MyNET up to v26.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the msg parameter.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4434 Results