Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,421
Quick preset (or use dates below)
Clear Filters
Showing 14,261 - 14,280 of 14,425 CVEs
CVE-2025-66864 HIGH - 7.5

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-66863 HIGH - 7.5

An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-66862 HIGH - 7.5

A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Vendor: gnu
Product: binutils
Published: Dec 29, 2025
Source: NVD
CVE-2025-15197 HIGH - 7.2

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely...

Vendor: anirbandutta
Product: news-buzz
Published: Dec 29, 2025
Source: NVD
CVE-2025-69200 HIGH - 7.5

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configurati...

Vendor: phpmyfaq
Product: phpmyfaq
Published: Dec 29, 2025
Source: NVD
CVE-2025-68879 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Councilsoft Content Grid Slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through 1.5.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68878 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through 1.1.0.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68877 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Good Market: from n/a through 1.0.6.

Published: Dec 29, 2025
Source: NVD
CVE-2025-68876 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8.

Published: Dec 29, 2025
Source: NVD
CVE-2025-15193 HIGH - 8.8

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and ma...

Vendor: dlink
Product: dwr-m920_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15192 HIGH - 8.8

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been ...

Vendor: dlink
Product: dwr-m920_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15191 HIGH - 8.8

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made...

Vendor: dlink
Product: dwr-m920_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15190 HIGH - 8.8

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public a...

Vendor: dlink
Product: dwr-m920_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15189 HIGH - 8.8

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used...

Vendor: dlink
Product: dwr-m920_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15180 HIGH - 7.2

A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exp...

Vendor: tenda
Product: wh450_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15227 HIGH - 7.5

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Vendor: welltend
Product: bpmflowwebkit
Published: Dec 29, 2025
Source: NVD
CVE-2025-15179 HIGH - 7.2

A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Vendor: tenda
Product: wh450_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15178 HIGH - 7.2

A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been ...

Vendor: tenda
Product: wh450_firmware
Published: Dec 29, 2025
Source: NVD
CVE-2025-15225 HIGH - 7.5

WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.

Vendor: sun.net
Product: wmpro
Published: Dec 29, 2025
Source: NVD
CVE-2025-15177 HIGH - 7.2

A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been ...

Vendor: tenda
Product: wh450_firmware
Published: Dec 29, 2025
Source: NVD