Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-14993

    A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack ca... Read more

    Affected Products : ac18_firmware
    • Published: Dec. 21, 2025
    • Modified: Dec. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14994

    A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer ... Read more

    Affected Products : fh1201_firmware fh1206_firmware
    • Published: Dec. 21, 2025
    • Modified: Dec. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-67906

    In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.... Read more

    Affected Products : misp
    • Published: Dec. 15, 2025
    • Modified: Dec. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-14659

    A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remot... Read more

    Affected Products :
    • Published: Dec. 14, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-14015

    A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14526

    A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit ... Read more

    Affected Products : ch22_firmware ch22
    • Published: Dec. 11, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13553

    A weakness has been identified in D-Link DWR-M920 1.1.50. This affects the function sub_41C7FC of the file /boafrm/formPinManageSetup. This manipulation of the argument submit-url causes buffer overflow. It is possible to initiate the attack remotely. The... Read more

    Affected Products : dwr-m920_firmware dwr-m920
    • Published: Nov. 23, 2025
    • Modified: Nov. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14995

    A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit... Read more

    Affected Products : fh1201_firmware
    • Published: Dec. 21, 2025
    • Modified: Dec. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-66224

    OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into th... Read more

    Affected Products : orangehrm
    • Published: Nov. 29, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-14191

    A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack ... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-65267

    In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored c... Read more

    Affected Products : frappe erpnext
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    CRITICAL
    CVE-2025-3500

    Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-13828

    SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install ... Read more

    Affected Products : mautic
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 9.0

    CRITICAL
    CVE-2025-47372

    Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13551

    A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The affected element is an unknown function of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. The attack... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13549

    A vulnerability was found in D-Link DIR-822K 1.00. This issue affects the function sub_455524 of the file /boafrm/formNtp. Performing manipulation of the argument submit-url results in buffer overflow. Remote exploitation of the attack is possible. The ex... Read more

    Affected Products : dir-822k_firmware dir-822k
    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13547

    A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The e... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13552

    A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. The impacted element is an unknown function of the file /boafrm/formWlEncrypt. The manipulation of the argument submit-url results in buffer overflow. The atta... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13550

    A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack ca... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-13548

    A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. This vulnerability affects unknown code of the file /boafrm/formFirewallAdv. Such manipulation of the argument submit-url leads to buffer overflow. The attack may b... Read more

    • Published: Nov. 23, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4382 Results