Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-15093

    A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Per... Read more

    Affected Products : flycms
    • Published: Dec. 26, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-15092

    A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exp... Read more

    Affected Products : 512w_firmware 512w
    • Published: Dec. 26, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-15091

    A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack r... Read more

    Affected Products : 512w_firmware 512w
    • Published: Dec. 26, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-15090

    A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from... Read more

    Affected Products : 512w_firmware 512w
    • Published: Dec. 25, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2025-13767

    Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the ... Read more

    Affected Products : mattermost_server
    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-15089

    A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely. The ex... Read more

    Affected Products : 512w_firmware 512w
    • Published: Dec. 25, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Memory Corruption

  • 4.1

    MEDIUM
    CVE-2025-64641

    Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 fail to verify that post actions invoking /share-issue-publicly were created by the Jira plugin which allowed a malicious Mattermost user to exfiltrate Jira tic... Read more

    Affected Products : mattermost_server
    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-68494

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a ... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2024-35322

    MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ficheiro parameter.... Read more

    Affected Products : mynet
    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-40317

    A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter HTTP.... Read more

    Affected Products : mynet
    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2023-53929

    phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an ad... Read more

    Affected Products : phpmyfaq
    • Published: Dec. 17, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2018-25138

    FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera in... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2018-25139

    FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record th... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • Published: Dec. 24, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2023-53928

    PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when... Read more

    Affected Products : phpfusion
    • Published: Dec. 17, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2023-53921

    SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application ... Read more

    Affected Products : sitemagic_cms
    • Published: Dec. 17, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2023-53917

    Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensi... Read more

    Affected Products : affiliate_me
    • Published: Dec. 17, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2023-53907

    Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters t... Read more

    Affected Products : bludit
    • Published: Dec. 17, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2023-53900

    Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through im... Read more

    Affected Products : spip
    • Published: Dec. 16, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2024-58308

    Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative acces... Read more

    Affected Products : quick_cms quick.cms
    • Published: Dec. 11, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-58280

    CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media direct... Read more

    Affected Products : cmsimple
    • Published: Dec. 10, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection
Showing 20 of 5374 Results