Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-56120

    OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56118

    OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56122

    OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2023-52210

    Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0.... Read more

    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025

  • 8.8

    HIGH
    CVE-2023-53956

    Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, en... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 8.5

    HIGH
    CVE-2023-53954

    ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can injec... Read more

    Affected Products : actfax
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-53951

    Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-68430

    CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT s... Read more

    Affected Products : computer_vision_annotation_tool
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2023-53946

    Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to ex... Read more

    Affected Products : photostudio
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-53950

    InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alter... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2023-53949

    AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2023-53948

    Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a rev... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-12874

    Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vecto... Read more

    Affected Products : coexistence_manager_for_notes
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.5

    HIGH
    CVE-2023-53947

    OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-13365

    The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'hallo_welt_seite' function. This makes it possible for unauthenticat... Read more

    Affected Products :
    • Published: Dec. 20, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-62880

    Cross-Site Request Forgery (CSRF) vulnerability in Kunal Nagar Custom 404 Pro allows Cross Site Request Forgery.This issue affects Custom 404 Pro: from n/a through 3.12.0.... Read more

    Affected Products : custom_404_pro
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.2

    HIGH
    CVE-2025-61739

    Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cryptography

  • 7.2

    HIGH
    CVE-2025-26379

    Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cryptography

  • 7.2

    HIGH
    CVE-2025-61740

    Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.... Read more

    Affected Products :
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-68327

    In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence describ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 22, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4564 Results