Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2025-64085

    A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : pdf-xchange_editor
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-65831

    The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another ... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Cryptography
  • 7.5

    HIGH
    CVE-2025-65877

    Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query... Read more

    Affected Products : lvzhou_cms
    • Published: Dec. 02, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-48592

    In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-63094

    XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-59775

    Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are re... Read more

    Affected Products : http_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Server-Side Request Forgery
  • 7.5

    HIGH
    CVE-2025-63036

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2025-42877

    SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on conf... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-65821

    As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Ad... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-63895

    An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet.... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-57212

    Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request.... Read more

    Affected Products : platform
    • Published: Dec. 04, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-11132

    In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more

    Affected Products : android t8300 t8100 t8200 t9100
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-15078

    A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The ex... Read more

    Affected Products : student_management_system
    • Published: Dec. 25, 2025
    • Modified: Dec. 25, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-68494

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a ... Read more

    Affected Products : premium_addons_for_elementor
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-66379

    Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 25, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-46175

    Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.... Read more

    Affected Products : ruoyi
    • Published: Nov. 26, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2025-32095

    Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 25, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-66443

    Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.... Read more

    Affected Products : infinity
    • Published: Dec. 25, 2025
    • Modified: Dec. 25, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-15077

    A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotel... Read more

    Affected Products : student_management_system
    • Published: Dec. 25, 2025
    • Modified: Dec. 25, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2025-15048

    A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing manipulation of the argument ipaddress can lead to command injection. The attack can b... Read more

    Affected Products : wh450_firmware
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection
Showing 20 of 4850 Results