Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-13633

    Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2023-53875

    GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV techniq... Read more

    Affected Products : gom_player
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-13720

    Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-13631

    Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-14765

    Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-46281

    A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-59134

    Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-56130

    OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56129

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-13808

    A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the c... Read more

    Affected Products : orion-ops
    • Published: Dec. 01, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-65472

    A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page.... Read more

    Affected Products : easyimages2.0
    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2021-47711

    A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro met... Read more

    Affected Products : xperience
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-12970

    The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buf... Read more

    Affected Products : fluent_bit
    • Published: Nov. 24, 2025
    • Modified: Nov. 28, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-13156

    The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the sa... Read more

    Affected Products :
    • Published: Nov. 21, 2025
    • Modified: Nov. 21, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2024-58279

    appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell wit... Read more

    Affected Products : apprain
    • Published: Dec. 10, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-13768

    WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-11461

    Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.... Read more

    Affected Products : frappe_crm
    • Published: Nov. 26, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-66555

    AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input contro... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-65897

    zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file sys... Read more

    Affected Products : zdh_web
    • Published: Dec. 05, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-13680

    The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authent... Read more

    Affected Products :
    • Published: Nov. 27, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authorization
Showing 20 of 4434 Results