Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-43402

    The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt process memory.... Read more

    Affected Products : macos
    • Published: Dec. 12, 2025
    • Modified: Dec. 15, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14930

    Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required... Read more

    Affected Products : transformers
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-14928

    Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required t... Read more

    Affected Products : transformers
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-48606

    In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-54100

    Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 24, 2025

  • 7.8

    HIGH
    CVE-2025-13716

    Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required ... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2025-48637

    In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 11, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-48624

    In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-53919

    An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could po... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-48628

    In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48627

    In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-62221

    Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Actively Exploited
    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025

  • 7.8

    HIGH
    CVE-2025-14490

    RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-48575

    In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-67488

    SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. ... Read more

    Affected Products : siyuan
    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025
    • Vuln Type: Path Traversal

  • 7.8

    HIGH
    CVE-2025-48588

    In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-10882

    AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the con... Read more

    • Published: Dec. 16, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-14401

    PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerability in th... Read more

    Affected Products :
    • Published: Dec. 23, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-48612

    In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileg... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-9452

    A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    • Published: Dec. 16, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4818 Results