Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-14519

    A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site ... Read more

    Affected Products : hfly
    • Published: Dec. 11, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-48769

    Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to... Read more

    Affected Products : nuttx
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-65832

    The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and ... Read more

    Affected Products : meatmeet
    • Published: Dec. 10, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2026-21489

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabilities in its CIccCalculatorFunc::SequenceNeedTempReset fun... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2026-21488

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText::Read function. ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20787

    In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101498... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20786

    In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101498... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20785

    In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS101498... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20784

    In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20783

    In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.7

    MEDIUM
    CVE-2025-20782

    In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-48721

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed th... Read more

    Affected Products : quts_hero qts
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-59380

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We ha... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-59381

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We ha... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-62852

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed th... Read more

    Affected Products : quts_hero qts
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-9110

    An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have alre... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-9637

    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3... Read more

    Affected Products : quiz_and_survey_master
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-9318

    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied para... Read more

    Affected Products : quiz_and_survey_master
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-14552

    The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more

    Affected Products :
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-9294

    The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This ... Read more

    Affected Products : quiz_and_survey_master
    • Published: Jan. 06, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Authorization
Showing 20 of 5152 Results