Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2025-56096

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-56094

    OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-67792

    An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.... Read more

    Affected Products : drivelock
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-64062

    The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation against the authenticated session. By manipulating the email parameter to an arbitrary value (e.g., [email protected]), ... Read more

    Affected Products : project_contract_management
    • Published: Nov. 25, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2024-32642

    Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.... Read more

    Affected Products : masacms
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-56093

    OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2023-53952

    Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that ... Read more

    Affected Products : dotclear
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-56092

    OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2023-53945

    BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that ... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-13483

    SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application.... Read more

    Affected Products :
    • Published: Nov. 25, 2025
    • Modified: Nov. 25, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2025-56091

    OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-56090

    OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-56089

    OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-56088

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-56085

    OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-66297

    Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalat... Read more

    Affected Products : grav grav-plugin-admin
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-56086

    OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-66448

    vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, th... Read more

    Affected Products : vllm
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2025-56084

    OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.... Read more

    Affected Products :
    • Published: Dec. 11, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection
  • 8.8

    HIGH
    CVE-2025-66446

    MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue... Read more

    Affected Products : maxkb
    • Published: Dec. 11, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 4356 Results