Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-48599

    In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User inte... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 08, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-55233

    Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 12, 2025

  • 7.8

    HIGH
    CVE-2025-62461

    Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025

  • 7.8

    HIGH
    CVE-2025-48566

    In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48589

    In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-22420

    In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-12381

    Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command ... Read more

    Affected Products : linux_kernel firewall_analyzer
    • Published: Dec. 09, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-62561

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more

    • Published: Dec. 09, 2025
    • Modified: Dec. 10, 2025

  • 7.8

    HIGH
    CVE-2025-48536

    In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48588

    In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 09, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-48573

    In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges ... Read more

    Affected Products : android
    • Published: Dec. 08, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authentication

  • 7.7

    HIGH
    CVE-2024-9183

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform ac... Read more

    Affected Products : gitlab
    • Published: Dec. 05, 2025
    • Modified: Dec. 10, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-7044

    An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validate... Read more

    Affected Products : maas metal_as_a_service
    • Published: Dec. 03, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-69217

    coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAN... Read more

    Affected Products :
    • Published: Dec. 30, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cryptography

  • 7.7

    HIGH
    CVE-2025-1977

    The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configur... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2026-21428

    cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header line... Read more

    Affected Products : cpp-httplib
    • Published: Jan. 01, 2026
    • Modified: Jan. 01, 2026
    • Vuln Type: Server-Side Request Forgery

  • 7.7

    HIGH
    CVE-2025-64645

    IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.... Read more

    Affected Products : concert
    • Published: Dec. 26, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 7.7

    HIGH
    CVE-2025-68433

    Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory. A malicious MCP... Read more

    Affected Products :
    • Published: Dec. 17, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Misconfiguration

  • 7.7

    HIGH
    CVE-2023-25446

    Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.... Read more

    Affected Products :
    • Published: Dec. 21, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Authorization

  • 7.7

    HIGH
    CVE-2025-68477

    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only... Read more

    Affected Products : langflow
    • Published: Dec. 19, 2025
    • Modified: Dec. 19, 2025
    • Vuln Type: Server-Side Request Forgery
Showing 20 of 5219 Results