Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.7

    MEDIUM
    CVE-2025-21071

    Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.... Read more

    Affected Products : android
    • Published: Nov. 05, 2025
    • Modified: Nov. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-62705

    OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not lim... Read more

    Affected Products : openbao
    • Published: Oct. 22, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-11411

    NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation informatio... Read more

    Affected Products : unbound
    • Published: Oct. 22, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-24512

    Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Authorized adversary with an authenticated user combined with a high complexity attack... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 5.7

    MEDIUM
    CVE-2025-24847

    Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low complexity attack ... Read more

    Affected Products : computing_improvement_program
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Information Disclosure

  • 5.7

    MEDIUM
    CVE-2025-40834

    A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.7

    MEDIUM
    CVE-2025-27712

    Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attac... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.7

    MEDIUM
    CVE-2025-31937

    Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a high complexity attack may enable denial o... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 5.6

    MEDIUM
    CVE-2024-32014

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative app... Read more

    Affected Products : spectrum_power_4
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 5.6

    MEDIUM
    CVE-2025-8871

    The Everest Forms (Pro) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type() function. This makes it possible for unauthenticated attackers... Read more

    Affected Products : everest_forms
    • Published: Nov. 05, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Injection

  • 5.6

    MEDIUM
    CVE-2025-12418

    Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configura... Read more

    Affected Products : installshield
    • Published: Nov. 07, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-43348

    A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may bypass Gatekeeper checks.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-62594

    ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile widt... Read more

    Affected Products : imagemagick
    • Published: Oct. 27, 2025
    • Modified: Nov. 03, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-13117

    A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. ... Read more

    Affected Products : mall
    • Published: Nov. 13, 2025
    • Modified: Nov. 15, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-46602

    Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... Read more

    Affected Products : supportassist_os_recovery
    • Published: Oct. 27, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-23300

    NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-12245

    A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin v... Read more

    Affected Products : chatwoot
    • Published: Oct. 27, 2025
    • Modified: Oct. 28, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-23330

    NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-13266

    A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName l... Read more

    Affected Products :
    • Published: Nov. 17, 2025
    • Modified: Nov. 17, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-53070

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris e... Read more

    Affected Products : solaris solaris
    • Published: Oct. 21, 2025
    • Modified: Oct. 27, 2025
Showing 20 of 3671 Results