Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.5

MEDIUM

CVE-2025-64355

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through 2.7.12....

Affected Products : jetelements_for_elementor
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
8.2

HIGH

CVE-2025-11774

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mit...

Affected Products : mc_works64
Published: Dec. 19, 2025

Modified: Dec. 19, 2025

Vuln Type: Injection
5.3

MEDIUM

CVE-2025-14910

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. E...

Affected Products :
Published: Dec. 19, 2025

Modified: Dec. 19, 2025

Vuln Type: Path Traversal
4.8

MEDIUM

CVE-2025-64724

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious c...

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Misconfiguration
6.4

MEDIUM

CVE-2025-14449

The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's babe-search-form shortcode in all versions up to, and including, 1.8.14 due to insufficient input sanitization and output escaping on user supplied a...

Affected Products : ba_book_everything
Published: Dec. 19, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
6.1

MEDIUM

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
6.1

MEDIUM

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenev...

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
8.8

HIGH

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Request Forgery
7.8

HIGH

CVE-2025-10881

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the ...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10882

AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the con...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10883

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10884

AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10886

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10887

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10888

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the c...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10889

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10898

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the c...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10899

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the c...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption

Showing 20 of 4204 Results

Browse by Apps

Latest CVE Feed

6.5

8.2

5.3

4.8

6.4

6.1

5.4

5.4

6.1

8.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable