Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-67538

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews Gallery jnews-gallery allows Stored XSS.This issue affects JNews Gallery: from n/a through < 12.0.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63045

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12.... Read more

    Affected Products : master_slider
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-65804

    Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).... Read more

    Affected Products : ax3_firmware ax3
    • Published: Dec. 08, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-14331

    Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-64650

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.... Read more

    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-67555

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict UseStrict&#039;s Calendly Embedder cal-embedder-lite allows Stored XSS.This issue affects UseStrict&#039;s Calendly Embedder: from n/a through ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-64670

    Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025

  • 6.5

    MEDIUM
    CVE-2025-62082

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through <= 1.2.8.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-36017

    IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user.... Read more

    Affected Products : controller
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-63037

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63055

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.... Read more

    Affected Products : master_addons
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-10163

    The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘starting_with’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and ... Read more

    Affected Products : list_category_posts
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-12687

    A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in servi... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-65082

    Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affe... Read more

    Affected Products : http_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-67436

    Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-67549

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.... Read more

    Affected Products : oik
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-49914

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a throu... Read more

    Affected Products : restaurant_menu
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-14508

    The MediaCommander – Bring Folders to Media, Posts, and Pages plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the import-csv REST API endpoint in all versions up to, and including, 2.3.1. This is due t... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-43464

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2025-14064

    The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX endpoints in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 5303 Results