Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-58410

    Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource.... Read more

    Affected Products : ddk
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-41735

    A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution.... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-13282

    TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unaut... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-13267

    A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can b... Read more

    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-41350

    Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-12406

    The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage() function. This makes it possible for... Read more

    Affected Products :
    • Published: Nov. 18, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-13223

    Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • Published: Nov. 17, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.3

    MEDIUM
    CVE-2025-43079

    The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstal... Read more

    Affected Products :
    • Published: Nov. 10, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.5

    MEDIUM
    CVE-2025-60699

    A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The `getSaveConfig` function retrieves the `http_host` parameter from user input via `websGetVar` and copies it into a fi... Read more

    Affected Products : a950rg_firmware a950rg
    • Published: Nov. 13, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-60702

    A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. The `setDiagnosisCfg` function retrieves the `ipDoamin` parameter from user input via `websGetVar` and concatenates it ... Read more

    Affected Products : a950rg_firmware a950rg
    • Published: Nov. 13, 2025
    • Modified: Nov. 18, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-60685

    A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using ssca... Read more

    Affected Products : a720r_firmware a720r
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-64369

    Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.... Read more

    Affected Products : contact_form_email
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-64276

    Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4.... Read more

    Affected Products : survey_maker
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-60693

    A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fix... Read more

    Affected Products : e1200_firmware e1200
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.9

    MEDIUM
    CVE-2025-60695

    A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provid... Read more

    Affected Products : e7350_firmware e7350
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-60694

    A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied CGI parameters (route_ipaddr_0~3, route_n... Read more

    Affected Products : e1200_firmware e1200
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.4

    HIGH
    CVE-2025-60692

    A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format spe... Read more

    Affected Products : e1200_firmware e1200
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-60691

    A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sp... Read more

    Affected Products : e1200_firmware e1200
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-60690

    A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a... Read more

    Affected Products : e1200_firmware e1200
    • Published: Nov. 13, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-20374

    A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI fe... Read more

    Affected Products : unified_contact_center_express
    • Published: Nov. 05, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Path Traversal
Showing 20 of 3929 Results