Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40345

    In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the status packet returned after each write. A bogu... Read more

    Affected Products : linux_kernel
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-67750

    Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5 and below allow a maliciously crafted flow metadata file to cause arbitrary JavaScript execution during ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 8.6

    HIGH
    CVE-2025-8083

    The Preset configuration https://v2.vuetifyjs.com/en/features/presets  feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html  due to the internal 'mergeDeep... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-14569

    A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit ... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-58299

    PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain... Read more

    Affected Products : ftp_server
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-8082

    Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss  attack. The vulnerabilit... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-0969

    The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get_users() function. This makes it possible for authenticated attackers, with Contributor-level access and ... Read more

    Affected Products : brizy
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-13823

    A security issue was found in the IPv6 stack in the Micro850 and Micro870 controllers when the controllers received multiple malformed packets during fuzzing. The controllers will go into recoverable fault with fault code 0xFE60. To recover the controller... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Denial of Service

  • 8.5

    HIGH
    CVE-2025-36750

    ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engi... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.4

    CRITICAL
    CVE-2025-36747

    ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Misconfiguration

  • 6.3

    MEDIUM
    CVE-2025-14660

    A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes ... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-14672

    A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. ... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-14691

    A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-14695

    A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-14674

    A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpress... Read more

    Affected Products : snail-job
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-14699

    A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal. The attack needs to be performed locally. The exploit has... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-14696

    A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to wea... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2025-14697

    A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories acce... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-14702

    A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit h... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-13094

    The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attack... Read more

    Affected Products :
    • Published: Dec. 13, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication
Showing 20 of 4690 Results