Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-8769

    Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on t... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-68566

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2019-25257

    LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration paramete... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2019-25253

    KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: XML External Entity

  • 5.3

    MEDIUM
    CVE-2019-25254

    KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2019-25233

    AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and exe... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.3

    CRITICAL
    CVE-2018-25147

    Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefin... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2018-25144

    Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2018-25146

    Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidde... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2018-25142

    NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2019-25236

    iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/g... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2018-25149

    Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify sy... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2018-25127

    SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create ... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-68748

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthor_fw_unplug() will free the FW memory sections. The problem is that there could still be pendi... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68737

    In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from __change_memory_common The rodata=on security measure requires that any code path which does vmalloc -> set_memory_ro/set_memory_rox must pro... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2025-2154

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68749

    In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it g... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 8.8

    HIGH
    CVE-2025-68592

    Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.... Read more

    Affected Products : wp_adminify
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-68603

    Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-68589

    Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.11.... Read more

    Affected Products : wp_telegram_widget_and_join_link
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization
Showing 20 of 4195 Results