Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-5855

    A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5854

    A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The atta... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5853

    A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overf... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5852

    A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the ... Read more

    Affected Products : ac6_firmware ac6
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5851

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5850

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5849

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument ... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-5848

    A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argume... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-3461

    The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue a... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2025-3460

    The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-3459

    The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35010

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35009

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35008

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization o... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35007

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization o... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35006

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralizatio... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35005

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-35004

    Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of ... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32459

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument I... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 7.7

    HIGH
    CVE-2025-32458

    The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('... Read more

    Affected Products :
    • Published: Jun. 08, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection
Showing 20 of 291526 Results