This page offers a live Atom feed of the latest CVEs and vulnerabilities from cvefeed.io. The entries listed are rated HIGH or CRITICAL.
- CVE-2025-12209 - Tenda O3 setDhcpConfig GetValue stack-based overflow
- CVE-2025-12198 - dnsmasq Config File util.c parse_hex heap-based overflow
- CVE-2025-12285 - Missing Initial Password Change
- CVE-2025-12275 - Mail Configuration File Manipulation + Command Execution
- CVE-2025-12218 - Weak Default Credentials
- CVE-2025-12216 - Malicious / Malformed App can be Installed but not Uninstalled
- CVE-2025-11893 - Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection
- CVE-2025-10488 - Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move
- CVE-2025-12095 - Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval
- CVE-2025-34293 - GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure
- CVE-2025-60954 - Microweber CMS Weak Password Requirements Vulnerability
- CVE-2025-62716 - Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter
- CVE-2025-62714 - Karmada Dashboard API Unauthorized Access Vulnerability
- CVE-2025-60803 - Antabot White-Jotter RCE
- CVE-2025-60801 - jshERP Unauthenticated Remote Code Execution Vulnerability
- CVE-2025-60554 - D-Link DIR600L Ax Buffer Overflow Vulnerability
- CVE-2025-60553 - D-Link DIR600L Ax Buffer Overflow
- CVE-2025-60548 - D-Link DIR600L Ax Buffer Overflow Vulnerability
- CVE-2025-12176 - Undocumented Administrative Accounts
- CVE-2025-8536 - SQL Injection in DobryCMS
- CVE-2025-43995 - Dell Storage Center - Dell Storage Manager Authentication Bypass