Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-14136

    A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the f... Read more

    • Published: Dec. 06, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13553

    A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The... Read more

    Affected Products : dwr-m920_firmware dwr-m920
    • Published: Nov. 23, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14015

    A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14526

    A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit ... Read more

    Affected Products : ch22_firmware ch22
    • Published: Dec. 11, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14191

    A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack ... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-66224

    OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into th... Read more

    Affected Products : orangehrm
    • Published: Nov. 29, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2025-47372

    Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-33210

    NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    CRITICAL
    CVE-2025-65267

    In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored c... Read more

    Affected Products : frappe erpnext
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-13828

    SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install ... Read more

    Affected Products : mautic
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    CRITICAL
    CVE-2025-3500

    Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13548

    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may b... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13551

    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13547

    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The e... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13552

    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The atta... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13550

    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack ca... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13549

    A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The ex... Read more

    Affected Products : dir-822k_firmware dir-822k
    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.9

    HIGH
    CVE-2025-66418

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps le... Read more

    Affected Products : urllib3
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Denial of Service

  • 8.9

    HIGH
    CVE-2025-66263

    Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_s... Read more

    • Published: Nov. 26, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Path Traversal

  • 8.9

    HIGH
    CVE-2025-68116

    FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An at... Read more

    Affected Products : filerise
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4371 Results