Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-29371

    In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant m... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-67015

    Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.... Read more

    Affected Products :
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-55753

    An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeed... Read more

    Affected Products : http_server
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-68546

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through 1.2.14.... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-13806

    A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the c... Read more

    Affected Products :
    • Published: Dec. 01, 2025
    • Modified: Dec. 01, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1547

    A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12... Read more

    • Published: Dec. 04, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-68156

    Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without en... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-68155

    @vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in `@vitejs/plugin-rsc` allows unauthenticated arbitrary file read during development mode. An attacker can read... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-68066

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.7.0.... Read more

    Affected Products : soledad
    • Published: Dec. 16, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-52196

    Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe.... Read more

    Affected Products :
    • Published: Dec. 16, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2025-14190

    A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument cu... Read more

    Affected Products :
    • Published: Dec. 07, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-25341

    A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).... Read more

    Affected Products : libxmljs
    • Published: Dec. 26, 2025
    • Modified: Dec. 26, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-63364

    Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext.... Read more

    • Published: Dec. 04, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-1031

    Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.This issue affects SoliClub: from 5.2.4 before 5.3.7.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-65797

    Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).... Read more

    Affected Products : memos
    • Published: Dec. 08, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-14812

    ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk.... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-14206

    A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to i... Read more

    Affected Products : online_student_clearance_system
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-65865

    An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-59789

    Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json ... Read more

    Affected Products : brpc
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2025-66905

    The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and rea... Read more

    Affected Products :
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Path Traversal
Showing 20 of 4780 Results