Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-40120

    In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772* in bind. usbnet enables runtime PM (autosuspend) by default, so dis... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40171

    In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is ta... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40151

    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current implementation does not support struct argument. This causes a oops when running bpf selftest: $ ./te... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025

  • 7.8

    HIGH
    CVE-2025-60709

    Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.... Read more

    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40170

    In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(),... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40113

    In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E The ADSP firmware on X1E has separate firmware binaries for the main firmware and the DTB. The same applies for the "lite" firmware ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-12869

    The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.... Read more

    Affected Products : a\+hrd
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-40112

    In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40125

    In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In __blk_mq_update_nr_hw_queues() the return value of blk_mq_sysfs_register_hctxs() is not checked. If sys... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40162

    In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails devm_kasprintf() may return NULL on memory allocation failure, but the debug message prints cpus->dai_name before check... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40165

    In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_cou... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-40134

    In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when su... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-40153

    In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect() to a large hugetlb memory area in our customer's workload (~300GB hugetlb memory), soft lockup ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-40115

    In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged with dev_printk() against &mpt3sas_port->port->dev. At... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-9316

    N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.... Read more

    Affected Products : n-central
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authentication

  • 8.7

    HIGH
    CVE-2025-62211

    Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.... Read more

    Affected Products : dynamics_365
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025

  • 0.0

    NA
    CVE-2025-40116

    In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthread_run() function returns error pointers so the max3421_hcd->spi_thread pointer can be either error point... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-11454

    The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all versions up to, and including, 0.5.5 due to insufficient esc... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-40145

    In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure When devm_add_action_or_reset() fails, it calls the passed cleanup function. Hence the caller must not repeat that... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40163

    In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation through drmgr[2]. i.e "drmgr -c cpu -r -q 1" WARNING:... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Denial of Service
Showing 20 of 3724 Results