Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-12648

    The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) ... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-31642

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-31051

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Them... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Information Disclosure

  • 10.0

    HIGH
    CVE-2025-15471

    A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The ... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-14612

    Insecure Temporary File vulnerability in Altera Quartus Prime Pro  Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-14605

    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2025-14599

    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite  Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 thro... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2025-14596

    Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-14631

    A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2026-0649

    A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2024-14020

    A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled mo... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2026-0628

    Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium se... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-0643

    A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote expl... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-47396

    Memory corruption occurs when a secure application is launched on a device with insufficient memory.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-47395

    Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-47394

    Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47393

    Memory corruption when accessing resources in kernel driver.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47388

    Memory corruption while passing pages to DSP with an unaligned starting address.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-47380

    Memory corruption while preprocessing IOCTLs in sensors.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-47369

    Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 5096 Results