Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-15221

    A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation... Read more

    Affected Products : cachecloud
    • Published: Dec. 30, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-63947

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated.... Read more

    Affected Products : phpmsadmin
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2023-47232

    Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6.... Read more

    Affected Products : wp_affiliate_disclosure
    • Published: Dec. 21, 2025
    • Modified: Jan. 06, 2026

  • 9.8

    CRITICAL
    CVE-2025-15102

    DVP-12SE11T - Password Protection Bypass... Read more

    Affected Products : dvp-12se11t_firmware dvp-12se11t
    • Published: Dec. 30, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-15103

    DVP-12SE11T - Authentication Bypass via Partial Password Disclosure... Read more

    Affected Products : dvp-12se11t_firmware dvp-12se11t
    • Published: Dec. 30, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-15358

    DVP-12SE11T - Denial of Service Vulnerability... Read more

    Affected Products : dvp-12se11t_firmware dvp-12se11t
    • Published: Dec. 30, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 7.2

    HIGH
    CVE-2025-15148

    A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code... Read more

    Affected Products : cmseasy
    • Published: Dec. 28, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-15155

    A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack re... Read more

    Affected Products : sokol
    • Published: Dec. 28, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-65559

    An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) if the CreatePDR?PDI?F-TEID has CH=1... Read more

    Affected Products : open5gs
    • Published: Dec. 18, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-69413

    In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.... Read more

    Affected Products : gitea
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2026-0544

    A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The ... Read more

    Affected Products : school_management_system
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-15404

    A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initia... Read more

    Affected Products : school_file_management_system
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-67703

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-67704

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-67705

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-67706

    ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-67707

    ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-67708

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-67709

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-67710

    There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a v... Read more

    Affected Products : linux_kernel arcgis_server windows
    • Published: Dec. 31, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4170 Results