Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-25282

    V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting ... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-68874

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor Stats Widget: from n/a through <= 1.5.0.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-68873

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects PRIMER by chloédigital: from n/a through <= 1.0.25.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-13504

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS.This issue affects Real Estate Pro: from n/a through <= 2.1.4.... Read more

    Affected Products : real_estate_pro
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-12640

    The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level au... Read more

    Affected Products : folders
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-0707

    A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that ... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-67603

    A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-13679

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible ... Read more

    Affected Products : tutor_lms
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-68891

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through <= 1.5.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-66003

    An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2026-22517

    Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-67933

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through <= 4.0.9.... Read more

    Affected Products : taskbuilder
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-15224

    When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.... Read more

    Affected Products : curl
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-67916

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Reflected XSS.This issue affects Jobify: from n/a through <= 4.3.0.... Read more

    Affected Products : jobify
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.0

    HIGH
    CVE-2025-67858

    A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? b... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2026-21876

    The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When ... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-67913

    Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.... Read more

    Affected Products : aruba_hispeed_cache
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-14431

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through <= 1.5.4.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-67917

    Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-21892

    Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-suppli... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection
Showing 20 of 4008 Results