Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-14611

    Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file incl... Read more

    Affected Products : centrestack triofox
    • Actively Exploited
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Cryptography
  • 9.8

    CRITICAL
    CVE-2025-14645

    A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack is possible to be carried ... Read more

    Affected Products : student_file_management_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-67524

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster Elementor Addon jobmonster-addon allows PHP Local File Inclusion.This issue affects Jobmonster Elementor Addon: fr... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2023-53894

    phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-65213

    MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-14860

    Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1.... Read more

    Affected Products : firefox
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-58386

    In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing l... Read more

    Affected Products : terminalfour
    • Published: Dec. 02, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-14010

    Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remot... Read more

    Affected Products : typora
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-14667

    A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argument meta_value leads to sql injection. The attack may be ... Read more

    Affected Products : covid_tracking_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-14217

    A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is p... Read more

    Affected Products : currency_exchange_system
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-66046

    Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger the... Read more

    Affected Products : libbiosig
    • Published: Dec. 11, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-56157

    Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-62691

    Security Point (Windows) of MaLion and MaLionCloud contains a stack-based buffer overflow vulnerability in processing HTTP headers. Receiving a specially crafted request from a remote unauthenticated attacker could lead to arbitrary code execution with SY... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-13764

    The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This make... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2022-23851

    Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-67520

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection.This issue affects Media Library Tools: from n/a through <= 1.6.15.... Read more

    Affected Products : media_library_tools
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-65826

    The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Information Disclosure
  • 9.8

    CRITICAL
    CVE-2025-67165

    An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.... Read more

    Affected Products : pagekit
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2025-65474

    An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format.... Read more

    Affected Products : easyimages2.0
    • Published: Dec. 11, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Path Traversal
  • 9.8

    CRITICAL
    CVE-2025-65834

    Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to a... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4519 Results