Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-66212

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with ap... Read more

    Affected Products : coolify
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-66211

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application... Read more

    Affected Products : coolify
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-66210

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/servic... Read more

    Affected Products : coolify
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-64676

    '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.... Read more

    Affected Products : purview office_purview
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026

  • 10.0

    CRITICAL
    CVE-2025-65041

    Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : partner_center
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026

  • 3.1

    LOW
    CVE-2025-65046

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026

  • 5.6

    MEDIUM
    CVE-2025-14267

    Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7... Read more

    Affected Products : m-files_server
    • Published: Dec. 19, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-15411

    A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It i... Read more

    Affected Products : wabt
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-66905

    The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and rea... Read more

    Affected Products : tkfiles
    • Published: Dec. 19, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-15412

    A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds... Read more

    Affected Products : wabt
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-65817

    LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.... Read more

    • Published: Dec. 22, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-15417

    A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack mus... Read more

    Affected Products : open5gs
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66735

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.... Read more

    Affected Products : youlai-boot
    • Published: Dec. 22, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-66736

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resu... Read more

    Affected Products : youlai-boot
    • Published: Dec. 22, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-15416

    A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The... Read more

    Affected Products : wangmarket
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-65865

    An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : fast_dds
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 6.6

    MEDIUM
    CVE-2025-65855

    The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attack... Read more

    • Published: Dec. 17, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-15418

    A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing manipulation results in denial... Read more

    Affected Products : open5gs
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-15419

    A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler. Executing a manipulation can lead to denial of ... Read more

    Affected Products : open5gs
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-66430

    Plesk 18.0 has Incorrect Access Control.... Read more

    Affected Products : plesk
    • Published: Dec. 12, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization
Showing 20 of 4726 Results