Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-69083

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-69085

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS.This issue affects JobBank: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2020-36910

    Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2020-36912

    Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary web... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2020-36920

    iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2020-36917

    iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capt... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2020-36906

    P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify s... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-60262

    An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatic... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-15001

    The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2026-21411

    Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 4.7

    MEDIUM
    CVE-2025-12540

    The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the... Read more

    Affected Products : dashboard_for_google_analytics
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-12793

    An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Securi... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Misconfiguration

  • 6.4

    MEDIUM
    CVE-2025-4776

    The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : phlox
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12067

    The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it poss... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-13964

    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthent... Read more

    Affected Products : learnpress
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2020-36921

    RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log info... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-14979

    AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.... Read more

    Affected Products : eddie
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-39477

    Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.... Read more

    Affected Products : injob
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-69084

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 themes Photo Gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through 2.7.7.26.... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2025-13744

    An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate se... Read more

    Affected Products : enterprise_server
    • Published: Jan. 06, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4315 Results