Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2025-15102

    DVP-12SE11T - Password Protection Bypass... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-15355

    ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-15233

    A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/... Read more

    Affected Products : m3_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15232

    A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possi... Read more

    Affected Products : m3_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15231

    A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be exec... Read more

    Affected Products : m3_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15230

    A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote ex... Read more

    Affected Products : m3_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-15229

    A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launc... Read more

    Affected Products : ch22_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Denial of Service

  • 5.0

    MEDIUM
    CVE-2025-15222

    A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remo... Read more

    Affected Products : sa-token
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-14313

    The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-14312

    The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-15221

    A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-15220

    A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remote... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-15219

    A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cro... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-15218

    A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument l... Read more

    Affected Products : ac10u_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15217

    A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be initiated re... Read more

    Affected Products : ac23_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15216

    A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remo... Read more

    Affected Products : ac23_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15215

    A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overf... Read more

    Affected Products : ac10u_firmware
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-69235

    Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.... Read more

    Affected Products : whale
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-69234

    Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.... Read more

    Affected Products : whale
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-15214

    A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument Name results in cross site scripting. The attack may be performed from remote... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 5207 Results