Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-64311

    Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-64313

    Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Nov. 28, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-13946

    MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-58485

    Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.... Read more

    Affected Products : internet
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-58486

    Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.... Read more

    Affected Products : account
    • Published: Dec. 02, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-63402

    An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests... Read more

    Affected Products : dragon
    • Published: Dec. 03, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-63401

    Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives... Read more

    Affected Products : dragon
    • Published: Dec. 03, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2025-14696

    A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to wea... Read more

    Affected Products :
    • Published: Dec. 15, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-64715

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not... Read more

    Affected Products : cilium
    • Published: Nov. 29, 2025
    • Modified: Dec. 04, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-13945

    HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service... Read more

    Affected Products : wireshark
    • Published: Dec. 03, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-66329

    Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-46276

    An information disclosure issue was addressed with improved privacy controls. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2. An app m... Read more

    Affected Products : macos iphone_os watchos ipados visionos
    • Published: Dec. 12, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-66323

    Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-43530

    This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Dec. 12, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-43465

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2025-48576

    In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges need... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-43471

    The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Information Disclosure

  • 5.5

    MEDIUM
    CVE-2025-42891

    Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on ... Read more

    Affected Products :
    • Published: Dec. 09, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 5.5

    MEDIUM
    CVE-2025-66548

    Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into do... Read more

    Affected Products : deck notes
    • Published: Dec. 05, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2025-43470

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 4842 Results