Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2025-58944

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Manufactory manufactory allows PHP Local File Inclusion.This issue affects Manufactory: from n/a through <= 1.4.... Read more

    Affected Products : manufactory
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-60063

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rosalinda rosalinda allows PHP Local File Inclusion.This issue affects Rosalinda: from n/a through <= 1.2.3.... Read more

    Affected Products : rosalinda
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-59683

    Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consu... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-58932

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion.This issue affects Prisma: from n/a through <= 1.10.... Read more

    Affected Products : prisma
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-1545

    An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only ... Read more

    • Published: Dec. 04, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-58945

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects EcoGrow: from n/a through <= 1.7.... Read more

    Affected Products : ecogrow
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-65742

    An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.... Read more

    Affected Products : omnidocs
    • Published: Dec. 15, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-58889

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion.This issue affects Towny: from n/a through <= 1.16.... Read more

    Affected Products : towny
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-66444

    Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Adviso... Read more

    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-58930

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects FitFlex: from n/a through <= 1.6.... Read more

    Affected Products : fitflex
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2025-58931

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through <= 1.6.... Read more

    Affected Products : palatio
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-58947

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through <= 1.9.... Read more

    Affected Products : athos
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-58940

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through <= 1.3.12.... Read more

    Affected Products : basil
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-58803

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through <= 1.0.... Read more

    Affected Products : algenix
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-68476

    KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure Hash... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-58941

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion.This issue affects Fabric: from n/a through <= 1.5.0.... Read more

    Affected Products : fabric
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-58942

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Dwell dwell allows PHP Local File Inclusion.This issue affects Dwell: from n/a through <= 1.7.0.... Read more

    Affected Products : dwell
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-14180

    In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared... Read more

    Affected Products : php
    • Published: Dec. 27, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-68939

    Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.... Read more

    Affected Products : gitea
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2025-10451

    Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 5224 Results