Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-4677

    Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-52519

    An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of s... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-61781

    OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and in... Read more

    Affected Products : opencti
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-64305

    MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-2026

    The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-o... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-69084

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 themes Photo Gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through 2.7.7.26.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68887

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: ... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49343

    Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr allows Stored XSS.This issue affects Social Profilr: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-68885

    Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-30631

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows Reflected XSS.This ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-49345

    Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-31642

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23550

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller allows Reflected XSS.This issue affects Product Puller: from n/a through 1.5.1.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-14835

    The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products : wp_photo_album_plus
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2023-7332

    PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotba... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Denial of Service

  • 7.1

    HIGH
    CVE-2025-49342

    Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang Häfelinger Custom Style allows Stored XSS.This issue affects Custom Style: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-69415

    In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-23757

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proloy Chakroborty ZD Scribd iPaper allows Reflected XSS.This issue affects ZD Scribd iPaper: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-15239

    QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : qoca_aim
    • Published: Jan. 05, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-68873

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects PRIMER by chloédigital: from n/a through <= 1.0.25.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4366 Results