Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-14699

    A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal. The attack needs to be performed locally. The exploit has... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-66086

    Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.8.... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-64898

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized acces... Read more

    Affected Products : coldfusion
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-20790

    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more

    Affected Products : nr15 mt2735 mt6833 mt6833p mt6853 mt6853t mt6855 mt6873 mt6875 mt6877 +16 more products
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-11379

    The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. Th... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-14521

    A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path ... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-12696

    The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-13441

    The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to a missing capability check on the admin_init hook that executes wp_cache_flush(). This m... Read more

    Affected Products :
    • Published: Nov. 27, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-14591

    After a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information ... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 20, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-12898

    The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcal_ajax_handler() function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated att... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 20, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-67749

    PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-62567

    Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025

  • 5.3

    MEDIUM
    CVE-2024-58289

    Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile... Read more

    Affected Products : cockpit
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13950

    The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin ... Read more

    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-55183

    An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and re... Read more

    Affected Products : next.js react
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-67572

    Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-14569

    A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2021-47702

    OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails o... Read more

    Affected Products : openbmcs
    • Published: Dec. 09, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-56423

    An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages... Read more

    Affected Products : openatlas
    • Published: Nov. 24, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-64632

    Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21.... Read more

    Affected Products : google_xml_sitemaps
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 4554 Results