Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.2

    MEDIUM
    CVE-2025-66173

    There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected product... Read more

    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-66174

    There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected pro... Read more

    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-14701

    An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.... Read more

    Affected Products : crafty_controller
    • Published: Dec. 17, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.9

    CRITICAL
    CVE-2025-14700

    An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.... Read more

    Affected Products : crafty_controller
    • Published: Dec. 17, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-24857

    Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.... Read more

    Affected Products : u-boot
    • Published: Dec. 10, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2025-15045

    A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to ini... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2025-15044

    A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit ... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14936

    NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to ex... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14935

    NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exp... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14934

    NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exp... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14933

    NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vul... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14932

    NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2025-14931

    Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14930

    Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14929

    Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2025-14928

    Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required t... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14927

    Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14926

    Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to e... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14925

    Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Accelerate. User interaction is required to explo... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-14924

    Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection
Showing 20 of 4555 Results