Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2026-0597

    A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation ... Read more

    Affected Products : supplier_management_system
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-15022

    Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be u... Read more

    Affected Products : vaadin
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2026-21444

    libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vect... Read more

    Affected Products : libtpms
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2026-0582

    A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The... Read more

    Affected Products : society_management_system
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2026-21634

    A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). ... Read more

    Affected Products : unifi_protect
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Denial of Service

  • 6.9

    MEDIUM
    CVE-2025-3660

    Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pe... Read more

    Affected Products :
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 10.0

    CRITICAL
    CVE-2025-64121

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-3646

    Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the ... Read more

    Affected Products :
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-52519

    An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of s... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 9.3

    CRITICAL
    CVE-2026-0625

    Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoi... Read more

    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.0

    MEDIUM
    CVE-2024-14020

    A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled mo... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 4.7

    MEDIUM
    CVE-2025-12540

    The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the... Read more

    Affected Products : dashboard_for_google_analytics
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-69083

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2020-36910

    Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-59379

    DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2020-36917

    iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capt... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2020-36905

    FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and p... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-14026

    Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libr... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-13746

    The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-14552

    The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4277 Results