Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-48769

    Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to... Read more

    Affected Products : nuttx
    • Published: Jan. 01, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 4.6

    MEDIUM
    CVE-2025-65832

    The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and ... Read more

    Affected Products : meatmeet
    • Published: Dec. 10, 2025
    • Modified: Jan. 06, 2026
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-48721

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed th... Read more

    Affected Products : quts_hero qts
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 4.9

    MEDIUM
    CVE-2025-59380

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We ha... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Path Traversal

  • 4.9

    MEDIUM
    CVE-2025-59381

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We ha... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-62852

    A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed th... Read more

    Affected Products : quts_hero qts
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-9110

    An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have alre... Read more

    Affected Products : quts_hero qts qts quts_hero
    • Published: Jan. 02, 2026
    • Modified: Jan. 06, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2026-0565

    A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing manipulation of the argument del can lead to sql injection. The attack can be executed remot... Read more

    Affected Products : content_management_system
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 5.5

    MEDIUM
    CVE-2025-15432

    A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController... Read more

    Affected Products : carrental
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-15425

    A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing manipulation of the argument ID can lead to sql injection. The attack... Read more

    Affected Products : ksoa
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15424

    A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. Remote ex... Read more

    Affected Products : ksoa
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-15421

    A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be... Read more

    Affected Products : ksoa
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-15198

    A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The attack may be launched remote... Read more

    Affected Products : college_notes_uploading_system
    • Published: Dec. 29, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-15199

    A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitatio... Read more

    Affected Products : college_notes_uploading_system
    • Published: Dec. 29, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-36937

    In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed fo... Read more

    Affected Products : android
    • Published: Dec. 11, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-36936

    In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Dec. 11, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-36935

    In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • Published: Dec. 11, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-36932

    In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • Published: Dec. 11, 2025
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-53597

    A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the f... Read more

    Affected Products : license_center
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-52871

    An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Li... Read more

    Affected Products : license_center
    • Published: Jan. 02, 2026
    • Modified: Jan. 05, 2026
    • Vuln Type: Information Disclosure
Showing 20 of 4692 Results