Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2023-53869

    WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-14896

    due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local fi... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.7

    HIGH
    CVE-2021-47727

    Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2023-53917

    Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensi... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2020-36895

    EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.propertie... Read more

    Affected Products : i-media_server_digital_signage
    • Published: Dec. 10, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2021-47713

    Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and m... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-34179

    NetSupport Manager < 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.d... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2021-47704

    OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database... Read more

    Affected Products : openbmcs
    • Published: Dec. 09, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2021-47706

    COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2023-53770

    MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending ... Read more

    Affected Products : minidvblinux
    • Published: Dec. 09, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-34435

    AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or e... Read more

    Affected Products : avideo
    • Published: Dec. 17, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2025-34181

    NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-13824

    A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED ... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-65952

    Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2020-36882

    Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.... Read more

    Affected Products : diskboss diskboss
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2025-14712

    Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password.... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2020-36876

    ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, pa... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-8110

    Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.... Read more

    Affected Products : gogs
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 8.7

    HIGH
    CVE-2025-9571

    A remote code execution (RCE) vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain co... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-34457

    wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maxi... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4934 Results