Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.7

    HIGH
    CVE-2025-64645

    IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Race Condition

  • 5.4

    MEDIUM
    CVE-2025-36230

    IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-36229

    IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Information Disclosure

  • 3.8

    LOW
    CVE-2025-36228

    IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-25341

    A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-15099

    A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper ... Read more

    Affected Products : sim
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-15093

    A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Per... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-15092

    A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exp... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15091

    A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack r... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-67013

    The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoint... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-56087

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua.... Read more

    Affected Products : rg-bcr600w_firmware rg-bcr600w
    • Published: Dec. 11, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56107

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua.... Read more

    Affected Products : rg-bcr600w_firmware rg-bcr600w
    • Published: Dec. 11, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56096

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua.... Read more

    Affected Products : rg-bcr600w_firmware rg-bcr600w
    • Published: Dec. 11, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56082

    OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua.... Read more

    Affected Products : rg-bcr600w_firmware rg-bcr600w
    • Published: Dec. 11, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56077

    OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-56079

    OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.... Read more

    • Published: Dec. 11, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-36192

    IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to mi... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-14687

    IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-13915

    IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authentication

  • 5.9

    MEDIUM
    CVE-2025-13489

    IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.... Read more

    • Published: Dec. 15, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 4866 Results