Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-13724

    The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of ... Read more

    Affected Products : vikrentcar
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 8.5

    HIGH
    CVE-2025-66412

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular... Read more

    Affected Products : angular
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-13653

    In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileg... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-12630

    The Upload.am WordPress plugin before 1.0.1 is vulnerable to arbitrary option disclosure due to a missing capability check on its AJAX request handler, allowing users such as contributor to view site options.... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-13829

    Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes us... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-41742

    Sprecher Automations SPRECON-E-C,  SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access an... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cryptography

  • 8.7

    HIGH
    CVE-2025-66410

    Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete a... Read more

    Affected Products : gin-vue-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Path Traversal

  • 7.2

    HIGH
    CVE-2025-13387

    The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2025-11772

    A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.... Read more

    Affected Products : fingerprint_driver
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-10543

    In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-65236

    OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-26155

    NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-61619

    In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61618

    In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61617

    In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61610

    In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61609

    In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61608

    In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-61607

    In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-3012

    In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service
Showing 20 of 4869 Results