Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2024-45675

    IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.... Read more

    Affected Products : informix_dynamic_server
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-58303

    UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-66271

    Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-40830

    A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This could allow an authenticated, lowly pri... Read more

    Affected Products : sinec_security_monitor
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-61229

    An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.... Read more

    Affected Products : superduper\!
    • Published: Dec. 01, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-66461

    FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affect... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-64778

    NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-66223

    OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same ... Read more

    Affected Products : openobserve
    • Published: Nov. 29, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authorization

  • 8.4

    HIGH
    CVE-2025-66324

    Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.... Read more

    Affected Products : harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-65883

    A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after adm... Read more

    • Published: Dec. 04, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-13932

    The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-65036

    XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This... Read more

    Affected Products : pro_macros
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-42620

    In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitr... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-64675

    Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.... Read more

    Affected Products : cosmos_db
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025

  • 8.3

    HIGH
    CVE-2025-64057

    Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.... Read more

    Affected Products : x210_firmware x210
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Path Traversal

  • 8.3

    HIGH
    CVE-2025-9624

    A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.... Read more

    Affected Products : opensearch opensearch
    • Published: Nov. 25, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 8.3

    HIGH
    CVE-2025-44018

    A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.... Read more

    Affected Products :
    • Published: Nov. 24, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.3

    HIGH
    CVE-2025-58098

    Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended ... Read more

    Affected Products : http_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-14187

    A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing manipulation of the argument path can lead to buffer overflow.... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-66397

    ChurchCRM is an open-source church management system. Prior to version 6.5.3, the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions in the Kiosk Manager feature suffers from broken access control, allowing any authenticated user to ... Read more

    Affected Products : churchcrm
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization
Showing 20 of 4453 Results