Latest Cybersecurity Vulnerabilities - Real-Time Updates
Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities.
This page lists the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
including risk scores, affected vendors, and mitigation insights.
Keeping track of emerging threats helps security professionals protect their systems.
Latest 30 CVEs - Real-Time Cyber Threats
Cyber threats are constantly evolving, making real-time vulnerability tracking essential.
Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs),
providing key details such as affected vendors, impact levels, and risk scores.
Each CVE entry includes a brief summary and a direct link to its full details,
enabling cybersecurity professionals, system administrators, and developers to quickly assess
and mitigate potential security risks.
-
CVE-2025-15436 Exploitable Vulnerability Warning
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 7.3/10
π₯ Very High Risk
Published on 02 Jan 2026, 08:15 UTC (only 1 hour ago)
-
CVE-2025-15435 Exploitable Vulnerability Warning
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 7.3/10
π₯ Very High Risk
Published on 02 Jan 2026, 08:15 UTC (only 1 hour ago)
-
CVE-2025-15434 Exploitable Vulnerability Warning
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 7.3/10
π₯ Very High Risk
Published on 02 Jan 2026, 07:15 UTC (only 2 hours ago)
-
CVE-2025-15432 Significant Vulnerability Warning
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project...
Score: 5.3/10
π¨ Significant Risk
Published on 02 Jan 2026, 07:15 UTC (only 2 hours ago)
-
CVE-2025-15431 Urgent Exploit Warning
A flaw has been found in UTT θΏε 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 8.8/10
β οΈ Severe Risk
Published on 02 Jan 2026, 06:15 UTC (only 3 hours ago)
-
CVE-2025-15430 Severe Vulnerability Alert
A vulnerability was detected in UTT θΏε 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing manipulation of the argument oldfilename results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 8.8/10
β οΈ Severe Risk
Published on 02 Jan 2026, 06:15 UTC (only 3 hours ago)
-
CVE-2025-15429 Urgent Exploit Warning
A security vulnerability has been detected in UTT θΏε 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument addCommand leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 8.8/10
β οΈ Severe Risk
Published on 02 Jan 2026, 06:15 UTC (only 3 hours ago)
-
CVE-2025-14072 Technical Report
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.
β³ Analysis in Progress
02 Jan 2026, 06:15 UTC (3 hours ago)
-
CVE-2025-13456 Technical Report
The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
β³ Analysis in Progress
02 Jan 2026, 06:15 UTC (3 hours ago)
-
CVE-2025-13153 Security Notice
The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
β³ Analysis in Progress
02 Jan 2026, 06:15 UTC (3 hours ago)
-
CVE-2025-12685 Security Notice
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.
β³ Analysis in Progress
02 Jan 2026, 06:15 UTC (3 hours ago)
-
CVE-2025-15428 Immediate Threat Report
A weakness has been identified in UTT θΏε 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 8.8/10
β οΈ Severe Risk
Published on 02 Jan 2026, 05:15 UTC (only 4 hours ago)
-
CVE-2025-15427 Critical Security Advisory
A security flaw has been discovered in Seeyon Zhiyuan OA Web Application System up to 20251222. This impacts an unknown function of the file /carManager/carUseDetailList.j%73p. The manipulation of the argument CAR_BRAND_NO results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 7.3/10
π₯ Very High Risk
Published on 02 Jan 2026, 04:15 UTC (only 5 hours ago)
-
CVE-2025-15426 Exploitable Vulnerability Warning
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 7.3/10
π₯ Very High Risk
Published on 02 Jan 2026, 04:15 UTC (only 5 hours ago)
-
CVE-2025-15425 Critical Security Advisory
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 7.3/10
π₯ Very High Risk
Published on 02 Jan 2026, 03:15 UTC (only 6 hours ago)
-
CVE-2025-15424 Severe Cybersecurity Threat
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 7.3/10
π₯ Very High Risk
Published on 02 Jan 2026, 03:15 UTC (only 6 hours ago)
-
CVE-2025-15423 High-Risk Security Alert
A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 6.3/10
π₯ High Risk
Published on 02 Jan 2026, 03:15 UTC (only 6 hours ago)
-
CVE-2025-14998 High-Severity Security Breach
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Score: 9.8/10
β οΈ Critical Risk
Published on 02 Jan 2026, 03:15 UTC (only 6 hours ago)
-
CVE-2025-14047 Exploit & Mitigation Report
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission β WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment.
Score: 5.3/10
π¨ Significant Risk
Published on 02 Jan 2026, 03:15 UTC (only 6 hours ago)
-
CVE-2025-15422 Significant Vulnerability Warning
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 5.3/10
π¨ Significant Risk
Published on 02 Jan 2026, 02:15 UTC (only 7 hours ago)
What are CVEs?
A Common Vulnerability and Exposure (CVE) is a publicly disclosed cybersecurity flaw
that can be exploited by attackers to compromise software, systems, or networks.
The CVE system is maintained by The CVE Program
and provides a unique identifier for each vulnerability.
CVEs are assigned a severity score using the Common Vulnerability Scoring System (CVSS),
which helps security teams prioritize their response to threats.
Why Tracking CVEs is Important?
Keeping track of the latest CVEs is crucial for organizations and IT security professionals.
Cybercriminals frequently exploit unpatched vulnerabilities to launch ransomware attacks, data breaches, and system takeovers.
By staying updated with the latest threats, companies can apply security patches,
adjust firewall rules, and implement security policies to minimize risks.