Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.1

HIGH

CVE-2025-41749

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability ...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41747

An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulne...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41746

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulner...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41748

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabili...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41750

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabilit...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41751

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabili...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-41752

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabilit...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
6.1

MEDIUM

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
6.1

MEDIUM

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenev...

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
8.8

HIGH

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Request Forgery
8.8

HIGH

CVE-2025-11461

Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1....

Affected Products : frappe_crm
Published: Nov. 26, 2025

Modified: Dec. 19, 2025

Vuln Type: Injection
8.8

HIGH

CVE-2025-2486

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous...

Affected Products : edk2
Published: Nov. 26, 2025

Modified: Dec. 19, 2025

Vuln Type: Misconfiguration
8.5

HIGH

CVE-2025-13733

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2....

Affected Products : buhontfs
Published: Dec. 12, 2025

Modified: Dec. 19, 2025

Vuln Type: Authorization
9.3

CRITICAL

CVE-2025-11921

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4....

Affected Products : istats
Published: Nov. 24, 2025

Modified: Dec. 19, 2025

Vuln Type: Injection
7.1

HIGH

CVE-2025-41745

An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnera...

Affected Products : fl_nat_2208_firmware fl_nat_2304-2gc-2sfp_firmware fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware +128 more products
Published: Dec. 09, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
5.5

MEDIUM

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time....

Affected Products : libexpat
Published: Nov. 28, 2025

Modified: Dec. 19, 2025

Vuln Type: Denial of Service
9.8

CRITICAL

CVE-2025-66219

willitmerge is a command line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command Injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of insecure child process execut...

Affected Products : willitmerge
Published: Nov. 29, 2025

Modified: Dec. 19, 2025

Vuln Type: Injection
4.3

MEDIUM

CVE-2025-64011

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows una...

Affected Products : nextcloud_server
Published: Dec. 12, 2025

Modified: Dec. 19, 2025

Vuln Type: Authorization

Showing 20 of 4349 Results

Browse by Apps

Latest CVE Feed

7.1

7.1

7.1

7.1

7.1

7.1

7.1

6.1

5.4

5.4

6.1

8.8

8.8

8.8

8.5

9.3

7.1

5.5

9.8

4.3

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable