Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-53888

    Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute s... Read more

    Affected Products : zomplog
    • Published: Dec. 15, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2022-50793

    SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerabilit... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-13481

    IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.... Read more

    Affected Products : linux_kernel aspera_orchestrator
    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-53875

    GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV techniq... Read more

    Affected Products : gom_player
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-60786

    A Zip Slip vulnerability in the import a Project component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via uploading a crafted Zip file.... Read more

    Affected Products : icescrum
    • Published: Dec. 15, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-13638

    Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-12744

    A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local us... Read more

    Affected Products : automatic_bug_reporting_tool
    • Published: Dec. 03, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56085

    OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2019-25243

    FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipu... Read more

    • Published: Dec. 24, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-7073

    A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback)... Read more

    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-56129

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-34437

    AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video ob... Read more

    Affected Products : avideo avideo
    • Published: Dec. 17, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-57198

    AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input.... Read more

    Affected Products : dgm1104_firmware dgm1104
    • Published: Dec. 03, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-65472

    A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page.... Read more

    Affected Products : easyimages2.0
    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-68696

    httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bc... Read more

    Affected Products : httparty
    • Published: Dec. 23, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-56120

    OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2018-25148

    Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execut... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-56118

    OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-65780

    An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side... Read more

    Affected Products : wekan
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-14885

    A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be lau... Read more

    • Published: Dec. 18, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 5281 Results