Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2023-51513

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS.This issue affects Geo Controller: from n/a through 8.5.2.... Read more

    Affected Products : geo_controller
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-13056

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects I... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68762

    In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c... Read more

    Affected Products : linux_kernel
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2026-0588

    A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attac... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.2

    CRITICAL
    CVE-2026-21440

    AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser throug... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 6.9

    MEDIUM
    CVE-2025-3660

    Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pe... Read more

    Affected Products :
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-12513

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-15450

    A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospital... Read more

    Affected Products : hosp_order
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15446

    A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing a manipulation of the argument unitCode can lead to sql injection... Read more

    Affected Products : oa_web_application_system
    • Published: Jan. 04, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-65328

    Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, w... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 5.1

    MEDIUM
    CVE-2026-0587

    A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The a... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-67303

    An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-15026

    Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, ... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2026-21633

    A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: ... Read more

    Affected Products : unifi_protect
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-15022

    Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be u... Read more

    Affected Products : vaadin
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2026-0582

    A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The... Read more

    Affected Products : society_management_system
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-15439

    A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injec... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-67315

    Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.0

    MEDIUM
    CVE-2025-69416

    In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-57836

    An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.... Read more

    Affected Products :
    • Published: Jan. 05, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4266 Results