Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-67014

    Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-15099

    A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper ... Read more

    Affected Products : sim
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-15097

    A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit ... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-15434

    A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and m... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15424

    A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. Remote ex... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-66377

    Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes ... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2022-50800

    H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to dis... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2026-0567

    A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exp... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2022-50686

    An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implem... Read more

    Affected Products : xperience
    • Published: Dec. 18, 2025
    • Modified: Dec. 27, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-13029

    The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2026-0568

    A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The e... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15426

    A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. T... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-25341

    A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).... Read more

    Affected Products : libxmljs
    • Published: Dec. 26, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-15195

    A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-68036

    Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27.... Read more

    Affected Products : cubewp
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-15208

    A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can... Read more

    Affected Products : refugee_food_management_system
    • Published: Dec. 29, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15142

    A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-42718

    A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.... Read more

    Affected Products : croogo
    • Published: Dec. 26, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-14207

    A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injecti... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-61557

    nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Path Traversal
Showing 20 of 5226 Results