Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2018-25131

    Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser se... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-68582

    Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8.... Read more

    Affected Products : funnelforms_free
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-68583

    Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-68591

    Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.15.... Read more

    Affected Products : simple_file_list
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-68603

    Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-68496

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-68736

    In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 5.1

    MEDIUM
    CVE-2018-25133

    Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add ad... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2019-25244

    Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stor... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2019-25240

    Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video sna... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-68602

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.... Read more

    Affected Products : accept_donations_with_paypal
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2019-25235

    Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-s... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-8769

    Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on t... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-43875

    Under certain circumstances a successful exploitation could result in access to the device.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2019-25257

    LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration paramete... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2019-25253

    KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: XML External Entity

  • 8.8

    HIGH
    CVE-2025-68580

    Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-68581

    Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.1... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-68585

    Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-68587

    Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.... Read more

    Affected Products : watu_quiz
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization
Showing 20 of 4685 Results