Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-69206

    Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The app... Read more

    Affected Products : hemmelig
    • Published: Dec. 29, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-65566

    A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Session Report Response that is missing the mandatory Cause Information Element, the session report... Read more

    Affected Products : upf
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-68120

    To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.... Read more

    Affected Products : go
    • Published: Dec. 30, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Misconfiguration

  • 9.4

    CRITICAL
    CVE-2025-66213

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with ... Read more

    Affected Products : coolify
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-66212

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with ap... Read more

    Affected Products : coolify
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-66211

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application... Read more

    Affected Products : coolify
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 9.4

    CRITICAL
    CVE-2025-66210

    Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/servic... Read more

    Affected Products : coolify
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-64676

    '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.... Read more

    Affected Products : purview office_purview
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026

  • 10.0

    CRITICAL
    CVE-2025-65041

    Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.... Read more

    Affected Products : partner_center
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026

  • 3.1

    LOW
    CVE-2025-65046

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026

  • 5.6

    MEDIUM
    CVE-2025-14267

    Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7... Read more

    Affected Products : m-files_server
    • Published: Dec. 19, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-15411

    A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It i... Read more

    Affected Products : wabt
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-66905

    The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and rea... Read more

    Affected Products : tkfiles
    • Published: Dec. 19, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-15412

    A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds... Read more

    Affected Products : wabt
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-65817

    LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.... Read more

    • Published: Dec. 22, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-15417

    A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack mus... Read more

    Affected Products : open5gs
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66735

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.... Read more

    Affected Products : youlai-boot
    • Published: Dec. 22, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-66736

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resu... Read more

    Affected Products : youlai-boot
    • Published: Dec. 22, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization

  • 4.8

    MEDIUM
    CVE-2025-15416

    A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The... Read more

    Affected Products : wangmarket
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-65865

    An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : fast_dds
    • Published: Dec. 23, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4694 Results