Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2025-52601

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cryptography

  • 5.8

    MEDIUM
    CVE-2025-8075

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an att... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-59887

    Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2025-15095

    A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit h... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.4

    HIGH
    CVE-2025-68922

    OpenOps before 0.6.11 allows remote code execution in the Terraform block.... Read more

    Affected Products :
    • Published: Dec. 25, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-52599

    Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware f... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-15170

    A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site sc... Read more

    Affected Products : gems_erp_portal
    • Published: Dec. 29, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-15144

    A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cro... Read more

    Affected Products : xunruicms
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-15140

    A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-15139

    A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4  of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploi... Read more

    Affected Products : tew-822dre_firmware
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-15136

    A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command inj... Read more

    Affected Products : tew-800mb_firmware
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-57403

    Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory travers... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-15127

    A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId l... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 9.9

    CRITICAL
    CVE-2025-66203

    StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via ... Read more

    Affected Products :
    • Published: Dec. 27, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-15129

    A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to... Read more

    Affected Products :
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15109

    A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to i... Read more

    Affected Products :
    • Published: Dec. 27, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-15116

    A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The at... Read more

    Affected Products : opencart
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 3.1

    LOW
    CVE-2025-15117

    A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack ... Read more

    Affected Products : sa-token
    • Published: Dec. 28, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-14954

    A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The man... Read more

    Affected Products : open5gs
    • Published: Dec. 19, 2025
    • Modified: Dec. 28, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-14965

    A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 27, 2025
    • Vuln Type: Path Traversal
Showing 20 of 5152 Results