Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-52872

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerab... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-53593

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed th... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-53591

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify mem... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 4.9

    MEDIUM
    CVE-2025-54164

    An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-54165

    An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-54166

    An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-47208

    An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applicat... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Denial of Service

  • 4.9

    MEDIUM
    CVE-2025-57705

    An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-15393

    A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content lead... Read more

    Affected Products : kodicms
    • Published: Dec. 31, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-13456

    The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-13153

    The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : logo_slider
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-12685

    The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.8

    MEDIUM
    CVE-2025-15438

    A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the component Media Management Module. Executing manipulation of the argument File can lead to deserialization. ... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure

  • 5.3

    MEDIUM
    CVE-2025-14047

    The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-69284

    Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings. Prior to Plane version 1.2.0, a problem occurs when the `/api/workspaces/:slug/members/` is acce... Read more

    Affected Products : plane
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure

  • 7.0

    HIGH
    CVE-2025-62840

    A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. We have alread... Read more

    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-11157

    A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the u... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 3.4

    LOW
    CVE-2025-69412

    KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.... Read more

    Affected Products : messagelib
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2026-21436

    eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This requires the installation of a package from a malicious or compromised source. Files in such packa... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Path Traversal

  • 5.8

    MEDIUM
    CVE-2025-15414

    A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing manipulation of the argument uri can lead to server-side request f... Read more

    Affected Products :
    • Published: Jan. 01, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 4326 Results