Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.1

HIGH

CVE-2025-14737

Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922....

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Injection
5.4

MEDIUM

CVE-2025-62961

Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through 1.0.9....

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-63002

Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0....

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Authorization
6.5

MEDIUM

CVE-2025-64235

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal.This issue affects Tuturn: from n/a before 3.6....

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Path Traversal
7.1

HIGH

CVE-2025-67745

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, ...

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Information Disclosure
5.4

MEDIUM

CVE-2023-53936

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse ove...

Affected Products :
Published: Dec. 18, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
6.1

MEDIUM

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Blog posts functionality in the Content Management area....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-65591

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Currencies functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
6.1

MEDIUM

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenev...

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Scripting
8.8

HIGH

CVE-2025-65593

nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality....

Affected Products : nopcommerce
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Cross-Site Request Forgery
7.8

HIGH

CVE-2025-10881

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the ...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10882

AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the con...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10883

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10884

AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10886

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10887

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10888

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the c...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10889

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process....

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption
7.8

HIGH

CVE-2025-10898

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the c...

Affected Products : 3ds_max autocad advance_steel autocad_architecture autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d revit +6 more products
Published: Dec. 16, 2025

Modified: Dec. 19, 2025

Vuln Type: Memory Corruption

Showing 20 of 4223 Results

Browse by Apps

Latest CVE Feed

7.1

5.4

5.3

6.5

7.1

5.4

6.1

5.4

5.4

6.1

8.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

7.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable