Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-25237

    V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a crafted HTTP POST request to the user management endpoint... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2019-25233

    AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and exe... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.3

    CRITICAL
    CVE-2018-25147

    Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefin... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2018-25144

    Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2019-25247

    Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an adm... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2018-25146

    Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidde... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2018-25142

    NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: XML External Entity

  • 9.8

    CRITICAL
    CVE-2019-25236

    iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/g... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 5.1

    MEDIUM
    CVE-2018-25149

    Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify sy... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2018-25127

    SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create ... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-68571

    Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0.... Read more

    Affected Products : salesmanago
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-68570

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-68568

    Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture &amp; Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels.T... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-68500

    Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10.... Read more

    Affected Products : prime_slider
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-67630

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-68521

    Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.... Read more

    Affected Products : wpstream
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-68523

    Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.... Read more

    Affected Products : spiffy_calendar
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-68530

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Bookory bookory allows PHP Local File Inclusion.This issue affects Bookory: from n/a through <= 2.2.7.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-68532

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Stored XSS.This issue affects ModelTheme Addons for WPBaker... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-68584

    Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery.This issue affects Vimeotheque: from n/a through <= 2.3.5.2.... Read more

    Affected Products : vimeotheque
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 4519 Results