Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-66035

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP cl... Read more

    Affected Products : angular
    • Published: Nov. 26, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.1

    MEDIUM
    CVE-2025-66036

    Retro is an online platform providing items of vintage collections. Prior to version 2.4.7, Retro is vulnerable to a cross-site scripting (XSS) in the input handling component. This issue has been patched in version 2.4.7.... Read more

    Affected Products :
    • Published: Nov. 29, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-41739

    An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a... Read more

    • Published: Dec. 01, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Race Condition

  • 6.3

    MEDIUM
    CVE-2025-13805

    A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the comp... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-0657

    A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power c... Read more

    Affected Products :
    • Published: Nov. 27, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2020-36873

    Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup withou... Read more

    Affected Products :
    • Published: Nov. 26, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-13803

    A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-13806

    A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the c... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-13768

    WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-13770

    WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-13771

    WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-13769

    WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more

    Affected Products : webitr
    • Published: Nov. 28, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Injection
Showing 20 of 4852 Results