Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    CRITICAL
    CVE-2025-47372

    Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14134

    A vulnerability was determined in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RE2000v2Repeater_get_wireless_clientlist_setClientsName of the file... Read more

    • Published: Dec. 06, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14995

    A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit... Read more

    Affected Products : fh1201_firmware
    • Published: Dec. 21, 2025
    • Modified: Dec. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13553

    A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The... Read more

    Affected Products : dwr-m920_firmware dwr-m920
    • Published: Nov. 23, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14136

    A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the f... Read more

    • Published: Dec. 06, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14015

    A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-66224

    OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into th... Read more

    Affected Products : orangehrm
    • Published: Nov. 29, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-14526

    A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit ... Read more

    Affected Products : ch22_firmware ch22
    • Published: Dec. 11, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14108

    A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes co... Read more

    Affected Products : q2c_nas_firmware q2c_nas
    • Published: Dec. 05, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-14106

    A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injec... Read more

    Affected Products : q2c_nas_firmware q2c_nas
    • Published: Dec. 05, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-65267

    In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored c... Read more

    Affected Products : frappe erpnext
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-14107

    A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument sa... Read more

    Affected Products : q2c_nas_firmware q2c_nas
    • Published: Dec. 05, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-3500

    Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14659

    A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remot... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-13828

    SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install ... Read more

    Affected Products : mautic
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    HIGH
    CVE-2025-13548

    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may b... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13549

    A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The ex... Read more

    Affected Products : dir-822k_firmware dir-822k
    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13551

    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14654

    A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The... Read more

    Affected Products : ac20_firmware ac20
    • Published: Dec. 14, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13547

    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The e... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4329 Results