Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-14204

    A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument au... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-13891

    The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modula_list_folders AJAX endpoint that lacks proper path validation and base directory res... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-12960

    The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the `href` parameter in the `[csv]` shortcode. This is due to insufficient path validation before concatenating user-supplied in... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-65031

    Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API reques... Read more

    Affected Products : rallly
    • Published: Nov. 19, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-60797

    phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->c... Read more

    Affected Products : phppgadmin
    • Published: Nov. 20, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-66053

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2.... Read more

    Affected Products : enfold
    • Published: Nov. 21, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63258

    A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03,... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-67549

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.... Read more

    Affected Products : oik
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-37162

    A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-65028

    Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an insecure direct object reference (IDOR) vulnerability allows any authenticated user to modify other participants’ votes in polls without authorization. The backend reli... Read more

    Affected Products : rallly
    • Published: Nov. 19, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-67720

    Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if t... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-12983

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially craf... Read more

    Affected Products : gitlab
    • Published: Nov. 15, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-14157

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with... Read more

    Affected Products : gitlab
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-4097

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted ... Read more

    Affected Products : gitlab
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-14512

    A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute va... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-10938

    The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authent... Read more

    Affected Products : uipress_lite
    • Published: Nov. 21, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-66073

    Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8.... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-9614

    An issue was discovered in the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context t... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-63878

    Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page.... Read more

    Affected Products :
    • Published: Nov. 19, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-54971

    An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission... Read more

    Affected Products : fortiadc
    • Published: Nov. 18, 2025
    • Modified: Nov. 20, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 3852 Results