Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.1

    MEDIUM
    CVE-2026-0580

    A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated rem... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-66376

    Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.... Read more

    Affected Products : collaboration
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-0581

    A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can l... Read more

    Affected Products : ac1206_firmware
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-15238

    QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-15239

    QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2023-52212

    Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.8

    MEDIUM
    CVE-2025-13056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects I... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68761

    In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfs_correct_next_unused_CNID() This code calls hfs_bnode_put(node) which drops the refcount and then dreferences "node" on the next line. It's only... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-0579

    A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prod_id/name/price/mode... Read more

    Affected Products :
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-68850

    Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through 1.1.12.... Read more

    Affected Products : sell_downloads
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68753

    In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in put_user loop for DSP events In the DSP event handling code, a put_user() loop copies event data. When the user buffer size is not aligned to 4 ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-65328

    Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, w... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68759

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fail... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-55204

    muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attacker can exploit this issue by embedding a specially crafted `muffon://` link on any website they ... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-5591

    Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.1

    CRITICAL
    CVE-2025-27807

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68754

    In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manuall... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68765

    In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2023-50897

    Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7.... Read more

    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2025-31044

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 3.3.2.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection
Showing 20 of 4678 Results