Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2026-22487

    Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-15346

    A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.  Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavio... Read more

    Affected Products : wolfssl
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2026-22522

    Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through 2.2.3.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.0

    HIGH
    CVE-2025-67858

    A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? b... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-22518

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.... Read more

    Affected Products : x_addons_for_elementor
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2026-22034

    Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and co... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-66002

    An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-4596

    Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.3

    HIGH
    CVE-2026-22241

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload a... Read more

    Affected Products : openeclass
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2019-25295

    The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2026-22517

    Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-14984

    The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the upload_mime... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.5

    HIGH
    CVE-2026-21427

    The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running in... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-59301

    Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.... Read more

    Affected Products : dvp15mc11t_firmware dvp15mc11t
    • Published: Dec. 22, 2025
    • Modified: Jan. 08, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-68357

    In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_don... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Jan. 08, 2026

  • 6.7

    MEDIUM
    CVE-2025-59888

    Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is availabl... Read more

    Affected Products : ups_companion
    • Published: Dec. 26, 2025
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2022-50802

    ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scri... Read more

    Affected Products : etap_safety_manager
    • Published: Dec. 30, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-15423

    A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been dis... Read more

    Affected Products : empirecms
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-15422

    A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotel... Read more

    Affected Products : empirecms
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-15170

    A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site sc... Read more

    Affected Products : gems_erp_portal
    • Published: Dec. 29, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4190 Results