Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.0

HIGH

CVE-2025-12848

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScrip...

Affected Products : drupal webform_multiple_file_upload
Published: Nov. 26, 2025

Modified: Dec. 05, 2025

Vuln Type: Cross-Site Scripting
6.9

MEDIUM

CVE-2025-66265

CMService.exe creates the C:\\usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files (such as snmp.conf) or hijack DLLs to escalate privileges....

Affected Products :
Published: Nov. 26, 2025

Modified: Dec. 01, 2025

Vuln Type: Misconfiguration
7.2

HIGH

CVE-2025-66264

The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation....

Affected Products :
Published: Nov. 26, 2025

Modified: Dec. 01, 2025

Vuln Type: Misconfiguration
8.9

HIGH

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_s...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.8

CRITICAL

CVE-2025-66262

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arb...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.9

CRITICAL

CVE-2025-66261

Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
7.2

HIGH

CVE-2025-66260

PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
9.8

CRITICAL

CVE-2025-66259

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in main_ok.php use...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
7.1

HIGH

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into ...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Cross-Site Scripting
9.2

CRITICAL

CVE-2025-66257

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.9

CRITICAL

CVE-2025-66256

Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Misconfiguration
9.9

CRITICAL

CVE-2025-66255

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation all...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Authentication
9.1

CRITICAL

CVE-2025-66254

Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter al...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.9

CRITICAL

CVE-2025-66253

Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec()...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Injection
8.4

HIGH

CVE-2025-66252

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Denial of Service
9.1

CRITICAL

CVE-2025-66251

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Path Traversal
9.8

CRITICAL

CVE-2025-66250

Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary ...

Affected Products : mozart_next_100_firmware mozart_next_100 mozart_next_1000_firmware mozart_next_1000 mozart_next_2000_firmware mozart_next_2000 mozart_next_30_firmware mozart_next_30 mozart_next_300_firmware mozart_next_300 +34 more products
Published: Nov. 26, 2025

Modified: Dec. 03, 2025

Vuln Type: Authentication
9.8

CRITICAL

CVE-2025-64657

Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network....

Affected Products : azure_app_gateway azure_application_gateway
Published: Nov. 26, 2025

Modified: Dec. 08, 2025
9.8

CRITICAL

CVE-2025-64656

Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network....

Affected Products : azure_app_gateway azure_application_gateway
Published: Nov. 26, 2025

Modified: Dec. 08, 2025
6.6

MEDIUM

CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the L...

Affected Products : pypdf
Published: Nov. 26, 2025

Modified: Dec. 01, 2025

Vuln Type: Denial of Service

Showing 20 of 4540 Results

Browse by Apps

Latest CVE Feed

7.0

6.9

7.2

8.9

9.8

9.9

7.2

9.8

7.1

9.2

9.9

9.9

9.1

9.9

8.4

9.1

9.8

9.8

9.8

6.6

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable