Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-15254

    A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has b... Read more

    Affected Products : w6-s_firmware w6-s
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-15253

    A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. Th... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15252

    A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. Th... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15234

    A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buf... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15233

    A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.0

    HIGH
    CVE-2025-15232

    A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possi... Read more

    Affected Products : m3_firmware m3
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-69024

    Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-69023

    Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-69022

    Missing Authorization vulnerability in Weblizar - WordPress Themes &amp; Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR Management Lite: from n/a through <= 3.5.... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-69021

    Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.... Read more

    Affected Products : popup_box
    • Published: Dec. 30, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.9

    MEDIUM
    CVE-2025-68972

    In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (alth... Read more

    Affected Products : gnupg
    • Published: Dec. 27, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2025-66589

    In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of an allocated buffer. This could allow an attacker to disclose information or cause a sy... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-66588

    In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-66586

    In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the conte... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-66590

    In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system cra... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-66585

    In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.... Read more

    Affected Products : daqfactory
    • Published: Dec. 11, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Memory Corruption

  • 6.1

    MEDIUM
    CVE-2025-66906

    Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.... Read more

    Affected Products : turms
    • Published: Dec. 19, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-66908

    Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java us... Read more

    Affected Products : turms
    • Published: Dec. 19, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-66909

    Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without valida... Read more

    Affected Products : turms
    • Published: Dec. 19, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Denial of Service

  • 6.0

    MEDIUM
    CVE-2025-66910

    Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentic... Read more

    Affected Products : turms
    • Published: Dec. 19, 2025
    • Modified: Jan. 02, 2026
    • Vuln Type: Authentication
Showing 20 of 4694 Results