Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-68498

    Missing Authorization vulnerability in Crocoblock JetTabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through 2.2.12.... Read more

    Affected Products : jettabs
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-14313

    The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-15284

    Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service v... Read more

    Affected Products : qs
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-53627

    Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is missing, the firmware silently falls back to legacy... Read more

    Affected Products : meshtastic_firmware
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cryptography

  • 4.8

    MEDIUM
    CVE-2025-55064

    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2025-55062

    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-68897

    Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-68861

    Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-55063

    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-69201

    Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fixes the issue.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-55061

    CWE-434 Unrestricted Upload of File with Dangerous Type... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-68870

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-68040

    Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1.... Read more

    Affected Products : wp_project_manager
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2022-50814

    In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr KASAN reported this Bug: [17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60 [17619.673193] Read of ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50837

    In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path If dsa_tag_8021q_setup() fails, for example due to the inability of the device to install a VLAN, the tag_8... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50841

    In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add overflow check for attribute size The offset addition could overflow and pass the used size check given an attribute with very large size (e.g., 0xffffff7f) while parsing ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50851

    In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: fix the crash in unmap a large memory While testing in vIOMMU, sometimes Guest will unmap very large memory, which will cause the crash. To fix this, add a new function vhos... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50852

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() Don't dereference "sar_root" after it has been freed.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2022-50863

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2023-54171

    In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak of iter->temp when reading trace_pipe kmemleak reports: unreferenced object 0xffff88814d14e200 (size 256): comm "cat", pid 336, jiffies 4294871818 (age 77... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4006 Results