Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-67745

    MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, ... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-41751

    An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabili... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2023-53944

    EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory travers... Read more

    Affected Products : webserver
    • Published: Dec. 18, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-64221

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Reflected XSS.This issue affects Reservation Plugin: from n/a through <= 1.6.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-13823

    A security issue was found in the IPv6 stack in the Micro850 and Micro870 controllers when the controllers received multiple malformed packets during fuzzing. The controllers will go into recoverable fault with fault code 0xFE60. To recover the controller... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-60182

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board supportboard allows Reflected XSS.This issue affects Support Board: from n/a through < 3.8.7.... Read more

    Affected Products : support_board
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-61736

    Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-54751

    Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36.... Read more

    Affected Products : postx
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-14255

    Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : vitals_enterprise_social_platform
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-14299

    The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocat... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-43520

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A ma... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2025-66119

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.... Read more

    Affected Products : hostel
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-64189

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6.... Read more

    Affected Products : xstore_core
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-66736

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resu... Read more

    Affected Products : youlai-boot
    • Published: Dec. 22, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-67648

    Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the... Read more

    Affected Products : shopware
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-66402

    Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12... Read more

    Affected Products : misskey
    • Published: Dec. 16, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-13073

    The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-30547

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from n/a through 0.3.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-69085

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS.This issue affects JobBank: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-41747

    An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulne... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 5090 Results