Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.9

HIGH

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_s...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.8

CRITICAL

CVE-2025-66262

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arb...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.9

CRITICAL

CVE-2025-66261

Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
7.2

HIGH

CVE-2025-66260

PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
9.8

CRITICAL

CVE-2025-66259

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in main_ok.php use...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
7.1

HIGH

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into ...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Cross-Site Scripting
9.2

CRITICAL

CVE-2025-66257

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.9

CRITICAL

CVE-2025-66256

Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Misconfiguration
9.9

CRITICAL

CVE-2025-66255

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation all...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Authentication
9.1

CRITICAL

CVE-2025-66254

Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter al...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.9

CRITICAL

CVE-2025-66253

Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec()...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
8.4

HIGH

CVE-2025-66252

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Denial of Service
9.1

CRITICAL

CVE-2025-66251

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.8

CRITICAL

CVE-2025-66250

Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary ...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Authentication
9.8

CRITICAL

CVE-2025-64657

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network....

Affected Products : azure_app_gateway azure_application_gateway
Published: Nov. 26, 2025

Modified: Dec. 08, 2025
9.8

CRITICAL

CVE-2025-64656

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network....

Affected Products : azure_app_gateway azure_application_gateway
Published: Nov. 26, 2025

Modified: Dec. 08, 2025
6.6

MEDIUM

CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the L...

Affected Products : pypdf
Published: Nov. 26, 2025

Modified: Dec. 01, 2025

Vuln Type: Denial of Service
5.4

MEDIUM

CVE-2025-65963

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private s...

Affected Products : files
Published: Nov. 26, 2025

Modified: Dec. 01, 2025

Vuln Type: Authorization
8.8

HIGH

CVE-2025-65957

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configu...

Affected Products :
Published: Nov. 26, 2025

Modified: Dec. 01, 2025

Vuln Type: Information Disclosure
6.5

MEDIUM

CVE-2025-65956

Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an ...

Affected Products : formwork
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 4130 Results

Browse by Apps

Latest CVE Feed

8.9

9.8

9.9

7.2

9.8

7.1

9.2

9.9

9.9

9.1

9.9

8.4

9.1

9.8

9.8

9.8

6.6

5.4

8.8

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable