Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.4

    HIGH
    CVE-2025-67505

    Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one req... Read more

    Affected Products :
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Race Condition

  • 8.4

    HIGH
    CVE-2025-66461

    FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affect... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Misconfiguration

  • 8.4

    HIGH
    CVE-2025-61812

    ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.... Read more

    Affected Products : coldfusion
    • Published: Dec. 10, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-2296

    EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and... Read more

    Affected Products : edk2
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-66237

    DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2025-66627

    Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by ... Read more

    Affected Products : wasmi
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-64057

    Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.... Read more

    Affected Products : x210_firmware x210
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Path Traversal

  • 8.3

    HIGH
    CVE-2025-13932

    The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.... Read more

    Affected Products :
    • Published: Dec. 04, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-58098

    Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended ... Read more

    Affected Products : http_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-42620

    In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitr... Read more

    Affected Products :
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-65036

    XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This... Read more

    Affected Products : pro_macros
    • Published: Dec. 05, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-67843

    A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 8.3

    HIGH
    CVE-2025-15164

    A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15163

    A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carr... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15162

    A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing manipulation of the argument page can lead to stack-based buffer overflow. The attack can be exec... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-15177

    A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 29, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2025-14273

    Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, whic... Read more

    Affected Products : mattermost_server
    • Published: Dec. 22, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-15161

    A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. Th... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption

  • 8.3

    HIGH
    CVE-2024-44599

    FNT Command 13.4.0 is vulnerable to Directory Traversal.... Read more

    Affected Products : fnt_command
    • Published: Dec. 15, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.3

    HIGH
    CVE-2025-15160

    A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been ... Read more

    Affected Products : wh450_firmware wh450
    • Published: Dec. 28, 2025
    • Modified: Dec. 30, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 5356 Results