Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-66923

    A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.... Read more

    Affected Products : open_source_point_of_sale
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2018-25131

    Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser se... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-68111

    ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the `eGive.php` file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL que... Read more

    Affected Products : churchcrm
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-14730

    A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/Ct_Config.php of the component Backend System Configuration Module. The manipulation of the argument... Read more

    Affected Products : ctcms
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-61740

    Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-26379

    Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cryptography

  • 7.2

    HIGH
    CVE-2025-9343

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This make... Read more

    Affected Products : wsdesk
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-14731

    A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neut... Read more

    Affected Products : ctcms
    • Published: Dec. 16, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-61739

    Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cryptography

  • 7.2

    HIGH
    CVE-2025-15148

    A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code... Read more

    Affected Products : cmseasy
    • Published: Dec. 28, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-14899

    A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator Endpoint. This manipulation causes sql injection. The attack may be initiated re... Read more

    Affected Products : real_estate_management_system
    • Published: Dec. 19, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-15143

    A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content result... Read more

    Affected Products : eyoucms
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-14855

    The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-15138

    A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is po... Read more

    Affected Products : tiny_file_manager
    • Published: Dec. 28, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-67818

    An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a b... Read more

    Affected Products : weaviate
    • Published: Dec. 12, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-14582

    A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in unrestricted upload. The attack c... Read more

    Affected Products : online_student_enrollment_system
    • Published: Dec. 12, 2025
    • Modified: Dec. 22, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-55707

    Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.... Read more

    Affected Products : postx
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-58770

    APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Inte... Read more

    Affected Products : aptio_v
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-14642

    A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely.... Read more

    Affected Products : computer_laboratory_system
    • Published: Dec. 14, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-12570

    The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-im... Read more

    Affected Products : fancy_product_designer
    • Published: Dec. 12, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4579 Results