Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-49914

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data.This issue affects Restaurant Menu by MotoPress: from n/a throu... Read more

    Affected Products : restaurant_menu
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-68040

    Insertion of Sensitive Information Into Sent Data vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through 3.0.1.... Read more

    Affected Products : wp_project_manager
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-64497

    Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release... Read more

    Affected Products : tuleap
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-63044

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.... Read more

    Affected Products : xpro_addons_for_elementor
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-63039

    Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.... Read more

    Affected Products : listingpro
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-63046

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through <= 2.9.9.... Read more

    Affected Products : listingpro
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-67557

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Stored XSS.This issue affects WP eBay Product Feeds: from n/a through <= 3.4.9.... Read more

    Affected Products : wp_ebay_product_feeds
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-59810

    An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-15199

    A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitatio... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-47325

    Information disclosure while processing system calls with invalid parameters.... Read more

    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-14148

    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token.... Read more

    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-14516

    A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. T... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2023-53893

    Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service... Read more

    Affected Products : titan_file
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-67735

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This lead... Read more

    Affected Products : netty
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-66911

    Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to que... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-67976

    Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.... Read more

    Affected Products : watu_quiz
    • Published: Dec. 16, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-15254

    A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has b... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-69020

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through <= 4.12.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-64995

    A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allo... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-68992

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Knowledge Base Manager bwl-kb-manager allows Stored XSS.This issue affects BWL Knowledge Base Manager: from n/a through <= 1.6.3.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 5221 Results