Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-59683

    Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consu... Read more

    Affected Products : pexip_infinity infinity
    • Published: Dec. 25, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-66378

    Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.... Read more

    Affected Products : pexip_infinity infinity
    • Published: Dec. 25, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-66379

    Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.... Read more

    Affected Products : pexip_infinity infinity
    • Published: Dec. 25, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66443

    Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.... Read more

    Affected Products : pexip_infinity infinity
    • Published: Dec. 25, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-15393

    A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content lead... Read more

    Affected Products : kodicms
    • Published: Dec. 31, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-65856

    Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fail... Read more

    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-65857

    An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.... Read more

    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-14155

    The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-14163

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for un... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-66845

    A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitr... Read more

    Affected Products : techstore
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-45493

    Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.... Read more

    Affected Products : ex8000_firmware ex8000
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-68668

    n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this v... Read more

    Affected Products : n8n
    • Published: Dec. 26, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-15359

    DVP-12SE11T - Out-of-bound memory write Vulnerability... Read more

    Affected Products : dvp-12se11t_firmware dvp-12se11t
    • Published: Dec. 30, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2023-53975

    Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execu... Read more

    Affected Products : atomcms
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2022-50687

    Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field ... Read more

    Affected Products : backup_11
    • Published: Dec. 22, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Denial of Service

  • 6.4

    MEDIUM
    CVE-2021-47738

    CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an ... Read more

    Affected Products : csz_cms
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2021-47736

    CMSimple_XH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to c... Read more

    Affected Products : cmsimple_xh
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2021-47734

    CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading m... Read more

    Affected Products : cmsimple
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2021-47732

    CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files ... Read more

    Affected Products : cmsimple
    • Published: Dec. 23, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2018-25138

    FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera in... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: Dec. 24, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authentication
Showing 20 of 4312 Results