Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-15232

    A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possi... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-68916

    Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.... Read more

    Affected Products : netman_208
    • Published: Dec. 24, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2025-68935

    ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.... Read more

    Affected Products : document_server
    • Published: Dec. 25, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-68936

    ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.... Read more

    Affected Products : document_server
    • Published: Dec. 25, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-68938

    Gitea before 1.25.2 mishandles authorization for deletion of releases.... Read more

    Affected Products : gitea
    • Published: Dec. 26, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 8.2

    HIGH
    CVE-2025-68939

    Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.... Read more

    Affected Products : gitea
    • Published: Dec. 26, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2025-68940

    In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.... Read more

    Affected Products : gitea
    • Published: Dec. 26, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-68941

    Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.... Read more

    Affected Products : gitea
    • Published: Dec. 26, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-68942

    Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.... Read more

    Affected Products : gitea
    • Published: Dec. 26, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-68948

    SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffe... Read more

    Affected Products : siyuan
    • Published: Dec. 27, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2025-68914

    Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.... Read more

    Affected Products : netman_208
    • Published: Dec. 24, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-68915

    Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.... Read more

    Affected Products : netman_208
    • Published: Dec. 24, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-67108

    eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.... Read more

    Affected Products : fast_dds
    • Published: Dec. 23, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cryptography

  • 8.1

    HIGH
    CVE-2025-59384

    A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-59387

    An SQL injection vulnerability has been reported to affect MARS (Multi-Application Recovery Service). The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the followi... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-14998

    The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it po... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-14627

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This is due to inadequate validation of the resolved URL after following Bitly shortlink ... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.0

    HIGH
    CVE-2025-62840

    A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have alread... Read more

    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-11157

    A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the u... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2015-10145

    Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an auth... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection
Showing 20 of 4334 Results