Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2025-1910

    The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobi... Read more

    Affected Products : mobile_vpn_with_ssl_client
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authentication
  • 7.5

    HIGH
    CVE-2025-1547

    A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption
  • 8.2

    HIGH
    CVE-2025-1545

    An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only ... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection
  • 6.7

    MEDIUM
    CVE-2025-13940

    An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. ... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration
  • 4.8

    MEDIUM
    CVE-2025-13939

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+54... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-13938

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4,... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-13937

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.8

    MEDIUM
    CVE-2025-13936

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4,... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.3

    HIGH
    CVE-2025-13932

    The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization
  • 6.0

    MEDIUM
    CVE-2025-12986

    When a WF200/WGM160P device is configured to operate as an Access Point, it may be vulnerable to a denial of service triggered by a malformed packet. The device may recover automatically or require a hard reset.... Read more

    Affected Products : gecko_software_development_kit
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Denial of Service
  • 8.6

    HIGH
    CVE-2025-12196

    An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 u... Read more

    Affected Products : firebox
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption
  • 8.6

    HIGH
    CVE-2025-12195

    An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and includ... Read more

    Affected Products : firebox
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption
  • 8.6

    HIGH
    CVE-2025-12026

    An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and in... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption
  • 8.7

    HIGH
    CVE-2025-11838

    A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway... Read more

    Affected Products : fireware_os
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Memory Corruption
  • 7.4

    HIGH
    CVE-2025-10285

    The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure
  • 4.6

    MEDIUM
    CVE-2025-64187

    OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the... Read more

    Affected Products : octoprint
    • Published: Nov. 07, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 3.5

    LOW
    CVE-2025-64326

    Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be vie... Read more

    Affected Products : weblate
    • Published: Nov. 06, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Information Disclosure
  • 8.6

    HIGH
    CVE-2025-34239

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by su... Read more

    Affected Products : webaccess\/vpn
    • Published: Nov. 06, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Injection
  • 6.9

    MEDIUM
    CVE-2025-34238

    Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and ret... Read more

    Affected Products : webaccess\/vpn
    • Published: Nov. 06, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-4522

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to 2.1.9. By supplying an arbitrary user_id parameter val... Read more

    Affected Products : idonate
    • Published: Nov. 07, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Authorization
Showing 20 of 3249 Results