Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-35028

    By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal... Read more

    Affected Products :
    • Published: Nov. 30, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-66131

    Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yaad Sarig Payment Gateway For WC: from n/a thr... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization

  • 9.1

    CRITICAL
    CVE-2025-63386

    A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: t... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Misconfiguration

  • 9.1

    CRITICAL
    CVE-2025-12106

    Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses... Read more

    Affected Products : openvpn
    • Published: Dec. 01, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14995

    A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit... Read more

    Affected Products : fh1201_firmware
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-33210

    NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    CRITICAL
    CVE-2025-67906

    In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.... Read more

    Affected Products : misp
    • Published: Dec. 15, 2025
    • Modified: Dec. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-14655

    A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing manipulation of the argument rebootTime results in stack-base... Read more

    Affected Products : ac20_firmware ac20
    • Published: Dec. 14, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14196

    A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The ex... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14135

    A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation... Read more

    • Published: Dec. 06, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14572

    A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the file /goform/formWebAuthGlobalConfig. Performing manipulation of the argument hidcontact results in memory corruption. Remote exploitation of the attack is po... Read more

    Affected Products :
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14134

    A vulnerability was determined in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RE2000v2Repeater_get_wireless_clientlist_setClientsName of the file... Read more

    • Published: Dec. 06, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14136

    A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the f... Read more

    • Published: Dec. 06, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14106

    A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injec... Read more

    Affected Products : q2c_nas_firmware q2c_nas
    • Published: Dec. 05, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-14108

    A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes co... Read more

    Affected Products : q2c_nas_firmware q2c_nas
    • Published: Dec. 05, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-14656

    A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from r... Read more

    Affected Products : ac20_firmware ac20
    • Published: Dec. 14, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-14993

    A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack ca... Read more

    Affected Products : ac18_firmware
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-47372

    Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication.... Read more

    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-66224

    OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into th... Read more

    Affected Products : orangehrm
    • Published: Nov. 29, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-14992

    A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buf... Read more

    Affected Products : ac18_firmware
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4921 Results