Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-68589

    Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.11.... Read more

    Affected Products : wp_telegram_widget_and_join_link
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-68588

    Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.3.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-68572

    Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through <= 1.4.1.... Read more

    Affected Products : bbp_core
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-68506

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-67625

    Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through <= 3.14.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-67622

    Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-67633

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS.This issue affects Greenhouse Job Board: from n/a through <= 2.7.3.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-54140

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-67623

    Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2023-54144

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kernel warning during topology setup This patch fixes the following kernel warning seen during driver load by correctly initializing the p2plink attr before creating the... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-68608

    Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9.... Read more

    Affected Products : userpro
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-68537

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-68512

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.This issue affects Real 3D FlipBook: from n/a through <= 4.11.4.... Read more

    Affected Products : real3d_flipbook
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68737

    In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from __change_memory_common The rodata=on security measure requires that any code path which does vmalloc -> set_memory_ro/set_memory_rox must pro... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.7

    HIGH
    CVE-2018-25141

    FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2018-25136

    FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middl... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2018-25128

    SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrati... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-2515

    A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can le... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68747

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF on kernel BO VA nodes If the MMU is down, panthor_vm_unmap_range() might return an error. We expect the page table to be updated still, and if the MMU is blocked, t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-68596

    Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.... Read more

    Affected Products : bit_assist
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization
Showing 20 of 4492 Results