Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-68873

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects PRIMER by chloédigital: from n/a through <= 1.0.25.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68874

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor Stats Widget: from n/a through <= 1.5.0.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2026-22521

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through 3.9.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2026-22488

    Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-22489

    Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2019-25295

    The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-67932

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through < 2.0.19.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-67914

    Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8.... Read more

    Affected Products : vidmov
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2026-22032

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter ... Read more

    Affected Products : directus
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 5.9

    MEDIUM
    CVE-2025-8307

    Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cryptography

  • 5.5

    MEDIUM
    CVE-2025-62224

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.... Read more

    Affected Products : edge
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026

  • 7.3

    HIGH
    CVE-2026-22241

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload a... Read more

    Affected Products : openeclass
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2026-21427

    The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running in... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2025-8306

    Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of gran... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-22728

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.6.... Read more

    Affected Products : workreap
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2019-25259

    Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized acti... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-67919

    Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.... Read more

    Affected Products : woffice
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2026-22518

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.... Read more

    Affected Products : x_addons_for_elementor
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2019-25290

    Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewal... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Server-Side Request Forgery

  • 9.2

    CRITICAL
    CVE-2026-22034

    Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and co... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4088 Results