Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-68818

    In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to __... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68777

    In the Linux kernel, the following vulnerability has been resolved: Input: ti_am335x_tsc - fix off-by-one error in wire_order validation The current validation 'wire_order[i] > ARRAY_SIZE(config_pins)' allows wire_order[i] to equal ARRAY_SIZE(config_pin... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2026-0890

    Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.... Read more

    Affected Products : firefox firefox_esr
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68813

    In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer derefer... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68800

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will no... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68788

    In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MOD... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-68810

    In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as K... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-71096

    In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it do... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-68802

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_sy... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2026-0882

    Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.... Read more

    Affected Products : firefox firefox_esr
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68773

    In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large transfers with even size") failed to make sure that the s... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68815

    In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets cod... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68812

    In the Linux kernel, the following vulnerability has been resolved: media: iris: Add sanity check for stop streaming Add sanity check in iris_vb2_stop_streaming. If inst->state is already IRIS_INST_ERROR, we should skip the stream_off operation because ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-68776

    In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() prp_get_untagged_frame() calls __pskb_copy() to create frame->skb_std but doesn't check if the allocation failed. If __... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-71087

    In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory [1] and out-of-bound... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68793

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix a job->pasid access race in gpu recovery Avoid a possible UAF in GPU recovery due to a race between the sched timeout callback and the tdr work queue. The gpu recovery ... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68799

    In the Linux kernel, the following vulnerability has been resolved: caif: fix integer underflow in cffrml_receive() The cffrml_receive() function extracts a length field from the packet header and, when FCS is disabled, subtracts 2 from this length with... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68794

    In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the cas... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68803

    In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a def... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-71023

    Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service
Showing 20 of 4612 Results