Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-60645

    A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-40200

    In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying S... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025

  • 6.1

    MEDIUM
    CVE-2025-59491

    Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.1

    LOW
    CVE-2025-20378

    In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk We... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.5

    HIGH
    CVE-2024-47866

    Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a ... Read more

    Affected Products : ceph
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2025-46427

    Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerabi... Read more

    Affected Products : smartfabric_os10
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2025-12047

    A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application.... Read more

    Affected Products : scanner_pro
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 7.7

    HIGH
    CVE-2025-12048

    An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system.... Read more

    Affected Products : scanner_pro
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration

  • 8.7

    HIGH
    CVE-2016-15055

    JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can le... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-52331

    Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command inclu... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-56385

    A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL quer... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-33119

    IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.... Read more

    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-40193

    In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows th... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40192

    In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc. This patch has a subtle bug that can cause the IPMI driver to go in... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-40194

    In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-65001

    Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability.... Read more

    Affected Products :
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40205

    In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three cases it handles. Before writing to the file handle (fh... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40202

    In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free. Restructure how this is ... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40182

    In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg") introduced cra_reqsize field in crypto_alg struct to replace type specific reqsi... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-40188

    In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will b... Read more

    Affected Products : linux_kernel
    • Published: Nov. 12, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 3726 Results