Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-1029

    Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-59789

    Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json ... Read more

    Affected Products : brpc
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-14206

    A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to i... Read more

    Affected Products : online_student_clearance_system
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-66905

    The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and rea... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-1031

    Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.This issue affects SoliClub: from 5.2.4 before 5.3.7.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-50681

    igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-14812

    ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-54849

    A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unaut... Read more

    • Published: Dec. 01, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-65877

    Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query... Read more

    Affected Products : lvzhou_cms
    • Published: Dec. 02, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-67015

    Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-13792

    A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing manipulation of the argument passageiros results in code inje... Read more

    Affected Products : qualitor
    • Published: Nov. 30, 2025
    • Modified: Dec. 07, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15165

    A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiate... Read more

    Affected Products :
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-66624

    BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, The npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply... Read more

    Affected Products :
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-14960

    A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the at... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-56089

    An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.... Read more

    Affected Products : dnsserver
    • Published: Dec. 01, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-63951

    An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that is passed directly to the ... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-41014

    User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapactio... Read more

    Affected Products : gim
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-63950

    An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter receives base64-encoded data that is passed directly to... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-53710

    Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundr... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-64658

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
Showing 20 of 4776 Results