Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-69262

    pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables durin... Read more

    Affected Products : pnpm
    • Published: Jan. 07, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-68954

    Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This al... Read more

    Affected Products : panel wings
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-69197

    Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not suffi... Read more

    Affected Products : panel
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Authentication

  • 9.0

    HIGH
    CVE-2025-15462

    A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigAdvideo. The manipulation of the argument timestart leads to buffer overflow. The attack is possible to be carried out remotely. T... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 05, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15461

    A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buffer overflow. The attack can be executed remotely. The ... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 05, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15460

    A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formPptpClientConfig. Performing a manipulation of the argument EncryptionMode results in buffer overflow. Remote exploitation of the attack is ... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 05, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15459

    A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formUser. Such manipulation of the argument passwd1 leads to buffer overflow. The attack may be launched remotely. Th... Read more

    Affected Products : 520w_firmware 520w
    • Published: Jan. 05, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2026-21507

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026

  • 7.8

    HIGH
    CVE-2026-21673

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who proce... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2026-21674

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2026-21675

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2026-21486

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CI... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2026-21487

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper Input Validation in its CIccProfile::LoadTag function.... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-21676

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2026-21677

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.... Read more

    Affected Products : iccdev
    • Published: Jan. 06, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15431

    A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit h... Read more

    Affected Products : 512w_firmware 512w
    • Published: Jan. 02, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15428

    A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploi... Read more

    Affected Products : 512w_firmware 512w
    • Published: Jan. 02, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15430

    A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing manipulation of the argument oldfilename results in buffer overflow. The attack can be init... Read more

    Affected Products : 512w_firmware 512w
    • Published: Jan. 02, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15429

    A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument addCommand leads to buffer overflow. It is po... Read more

    Affected Products : 512w_firmware 512w
    • Published: Jan. 02, 2026
    • Modified: Jan. 12, 2026
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2023-53936

    Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse ove... Read more

    Affected Products : camaleon_cms
    • Published: Dec. 18, 2025
    • Modified: Jan. 12, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4512 Results