Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-12552

    Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    • Published: Oct. 31, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-12272

    A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer overflow. The attack may be initiated remotely. The exploit ... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12232

    A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing manipulation of the argument page results in buffer overflow. The attack can be initia... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12493

    The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. ... Read more

    Affected Products :
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-12378

    A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be i... Read more

    Affected Products : simple_food_ordering_system
    • Published: Oct. 28, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12210

    A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to ini... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-14003

    Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution p... Read more

    Affected Products : nagios_xi xi
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12268

    A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrest... Read more

    Affected Products : learnhouse
    • Published: Oct. 27, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-11953

    The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a PO... Read more

    Affected Products :
    • Published: Nov. 03, 2025
    • Modified: Nov. 11, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12602

    /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more

    • Published: Nov. 01, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-12240

    A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack... Read more

    Affected Products : a3300r_firmware a3300r
    • Published: Oct. 27, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-12226

    A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the at... Read more

    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12305

    A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack ca... Read more

    Affected Products : shiyi-blog
    • Published: Oct. 27, 2025
    • Modified: Nov. 05, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2025-12296

    A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exp... Read more

    Affected Products : dap-2695_firmware dap-2695
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12487

    oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of oobabooga text-generation-webui. Authenti... Read more

    Affected Products :
    • Published: Nov. 06, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-12306

    A vulnerability was determined in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. T... Read more

    Affected Products : nero_social_networking_site
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12215

    A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit h... Read more

    Affected Products : online_shopping_system
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-34277

    Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can caus... Read more

    Affected Products : log_server
    • Published: Oct. 30, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-12271

    A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly ... Read more

    Affected Products : ch22_firmware ch22
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-13257

    A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can... Read more

    Affected Products : inventory_management_system
    • Published: Nov. 17, 2025
    • Modified: Nov. 19, 2025
    • Vuln Type: Injection
Showing 20 of 3543 Results