Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-59510

    Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 5.5

    MEDIUM
    CVE-2025-13117

    A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attac... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-61840

    Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue ... Read more

    Affected Products : format_plugins
    • Published: Nov. 11, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-61844

    Format Plugins versions 1.1.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue ... Read more

    Affected Products : format_plugins
    • Published: Nov. 11, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-62209

    Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 5.5

    MEDIUM
    CVE-2025-54269

    Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this is... Read more

    Affected Products : macos windows animate
    • Published: Oct. 15, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-59419

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r... Read more

    Affected Products : netty
    • Published: Oct. 15, 2025
    • Modified: Oct. 17, 2025
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-62276

    The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported vers... Read more

    • Published: Nov. 01, 2025
    • Modified: Nov. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-13116

    A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch t... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 13, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-64183

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in Py... Read more

    Affected Products : openexr
    • Published: Nov. 10, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-43390

    A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-43394

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access protected user data.... Read more

    Affected Products : macos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2020-36855

    A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to app... Read more

    Affected Products : dcmtk
    • Published: Oct. 21, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2022-4981

    A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be a... Read more

    Affected Products : dcmtk
    • Published: Oct. 21, 2025
    • Modified: Oct. 31, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-23330

    NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-23300

    NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.... Read more

    Affected Products : geforce tesla
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2025-46602

    Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,... Read more

    Affected Products : supportassist_os_recovery
    • Published: Oct. 27, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-48430

    Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (M... Read more

    Affected Products :
    • Published: Oct. 23, 2025
    • Modified: Oct. 27, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-43379

    This issue was addressed with improved validation of symlinks. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to access protected user data.... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Nov. 04, 2025
    • Modified: Nov. 04, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-11839

    A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the ... Read more

    Affected Products : binutils
    • Published: Oct. 16, 2025
    • Modified: Nov. 06, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 3912 Results