Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2025-67858

    A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? b... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Injection

  • 8.2

    HIGH
    CVE-2026-21697

    axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the sha... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Race Condition

  • 6.4

    MEDIUM
    CVE-2025-14275

    The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authent... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2019-25291

    INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized sy... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 2.7

    LOW
    CVE-2026-21895

    The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.... Read more

    Affected Products : rsa
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-12640

    The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level au... Read more

    Affected Products : folders
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2026-0707

    A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that ... Read more

    Affected Products :
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-13679

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible ... Read more

    Affected Products : tutor_lms
    • Published: Jan. 08, 2026
    • Modified: Jan. 08, 2026
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2022-50802

    ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scri... Read more

    Affected Products : etap_safety_manager
    • Published: Dec. 30, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-15423

    A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been dis... Read more

    Affected Products : empirecms
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-15422

    A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotel... Read more

    Affected Products : empirecms
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-15436

    A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit... Read more

    Affected Products : ksoa
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-15435

    A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit h... Read more

    Affected Products : ksoa
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-15434

    A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and m... Read more

    Affected Products : ksoa
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2025-45286

    A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : go-httpbin
    • Published: Jan. 02, 2026
    • Modified: Jan. 07, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.5

    MEDIUM
    CVE-2025-69277

    libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-15269

    FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that ... Read more

    Affected Products : fontforge
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-15270

    FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vu... Read more

    Affected Products : fontforge
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-15271

    FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vu... Read more

    Affected Products : fontforge
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-15272

    FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerabil... Read more

    Affected Products : fontforge
    • Published: Dec. 31, 2025
    • Modified: Jan. 07, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4381 Results