Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2021-47723

    STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-65741

    Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2025-66039

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, ... Read more

    Affected Products : freepbx
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2021-47709

    COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2021-47727

    Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2023-53739

    Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract ba... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2021-47728

    Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain ww... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2021-47706

    COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-67506

    PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it t... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 2.4

    LOW
    CVE-2025-13743

    Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.... Read more

    Affected Products : desktop
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Information Disclosure

  • 9.4

    CRITICAL
    CVE-2025-13607

    A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-63895

    An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2025-13127

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS).This issue affects GoldenHorn: before 4.25.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-1161

    Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-13955

    Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2025-12046

    A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.... Read more

    Affected Products : app_store browser
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-65815

    A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 9.3

    CRITICAL
    CVE-2025-13953

    Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through a local WebSocket, but the web application does not properly validat... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-7073

    A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback)... Read more

    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-2105

    An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Denial of Service
Showing 20 of 5243 Results