Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-15218

    A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument l... Read more

    Affected Products : ac10u_firmware ac10u
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15215

    A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overf... Read more

    Affected Products : ac10u_firmware ac10u
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15230

    A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote ex... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15217

    A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be initiated re... Read more

    Affected Products : ac23_firmware ac23
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15231

    A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be exec... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15232

    A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possi... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15216

    A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remo... Read more

    Affected Products : ac23_firmware ac23
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15234

    A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buf... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-33210

    NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Information Disclosure

  • 9.0

    HIGH
    CVE-2025-15431

    A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit h... Read more

    Affected Products :
    • Published: Jan. 02, 2026
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    CRITICAL
    CVE-2025-67906

    In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.... Read more

    Affected Products : misp
    • Published: Dec. 15, 2025
    • Modified: Dec. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2026-0836

    A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possi... Read more

    Affected Products :
    • Published: Jan. 11, 2026
    • Modified: Jan. 11, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2026-0839

    A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit ... Read more

    Affected Products :
    • Published: Jan. 11, 2026
    • Modified: Jan. 11, 2026
    • Vuln Type: Memory Corruption

  • 8.9

    HIGH
    CVE-2026-22607

    Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of ... Read more

    Affected Products : fickling
    • Published: Jan. 10, 2026
    • Modified: Jan. 10, 2026
    • Vuln Type: Misconfiguration

  • 8.9

    HIGH
    CVE-2026-22608

    Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two togeth... Read more

    Affected Products : fickling
    • Published: Jan. 10, 2026
    • Modified: Jan. 10, 2026
    • Vuln Type: Injection

  • 8.9

    HIGH
    CVE-2026-22609

    Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles... Read more

    Affected Products : fickling
    • Published: Jan. 10, 2026
    • Modified: Jan. 10, 2026
    • Vuln Type: Supply Chain

  • 8.9

    HIGH
    CVE-2026-22612

    Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.... Read more

    Affected Products : fickling
    • Published: Jan. 10, 2026
    • Modified: Jan. 10, 2026
    • Vuln Type: Misconfiguration

  • 8.9

    HIGH
    CVE-2026-22606

    Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as S... Read more

    Affected Products : fickling
    • Published: Jan. 10, 2026
    • Modified: Jan. 10, 2026
    • Vuln Type: Misconfiguration

  • 8.9

    HIGH
    CVE-2025-68920

    C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 8.9

    HIGH
    CVE-2026-22194

    GestSup versions up to and including 3.2.56 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perfor... Read more

    Affected Products : gestsup
    • Published: Jan. 09, 2026
    • Modified: Jan. 09, 2026
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 4286 Results