Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-53900

    Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. Thi... Read more

    • Published: Nov. 29, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-9121

    Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-14397

    The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on the postem_ipsum_generate_users() function in all versions up to, and including, 3.0.1. This makes it pos... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2019-25245

    Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to repl... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-64256

    Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2023-53900

    Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through im... Read more

    Affected Products : spip
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2019-25246

    Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access se... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2025-14174

    Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more

    • Actively Exploited
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-62153

    Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-68505

    Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-62151

    Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-60786

    A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file.... Read more

    Affected Products : icescrum
    • Published: Dec. 15, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-13790

    A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor... Read more

    Affected Products : scada-lts
    • Published: Nov. 30, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-14766

    Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Dec. 16, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-65471

    An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products : easyimages2.0
    • Published: Dec. 11, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-14499

    IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target... Read more

    Affected Products : icewarp
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-13768

    WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-12189

    The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonc... Read more

    Affected Products : bread_and_butter
    • Published: Dec. 05, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2020-36883

    SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techni... Read more

    Affected Products : fusion_digital_signage
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-65530

    An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.... Read more

    Affected Products : ai-bolit
    • Published: Dec. 12, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection
Showing 20 of 4825 Results