Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2026-0406

    An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-71088

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simult connection Syzkaller reports a simult-connect race leading to inconsistent fallback status: WARNING: CPU: 3 PID: 33 at net/mptcp/subflow.c:1515 subf... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-71080

    In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT On PREEMPT_RT kernels, after rt6_get_pcpu_route() returns NULL, the current task can be preempted. Another task running on the s... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68822

    In the Linux kernel, the following vulnerability has been resolved: Input: alps - fix use-after-free bugs caused by dev3_register_work The dev3_register_work delayed work item is initialized within alps_reconnect() and scheduled upon receipt of the firs... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-71076

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading t... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-71099

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-54855

    fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cryptography

  • 0.0

    NA
    CVE-2025-68798

    In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NU... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2025-68779

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> mlx5e_psp_unregister This leads to a refcount underflo... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68790

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix double unregister of HCA_PORTS component Clear hca_devcom_comp in device's private data after unregistering it in LAG teardown. Otherwise a slightly lagging second pass th... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68791

    In the Linux kernel, the following vulnerability has been resolved: fuse: missing copy_finish in fuse-over-io-uring argument copies Fix a possible reference count leak of payload pages during fuse argument copies. [Joanne: simplified error cleanup]... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68810

    In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as K... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68802

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_sy... Read more

    Affected Products : linux_kernel
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Denial of Service

  • 9.1

    CRITICAL
    CVE-2025-25176

    Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform.... Read more

    Affected Products : ddk
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2025-46685

    Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of pri... Read more

    Affected Products : supportassist_os_recovery
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-37165

    A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting im... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2026-0408

    A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to ... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Path Traversal

  • 5.1

    MEDIUM
    CVE-2025-15056

    A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.... Read more

    Affected Products : quill
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-37172

    Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a priv... Read more

    Affected Products :
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2026-22791

    openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host p... Read more

    Affected Products : opencryptoki
    • Published: Jan. 13, 2026
    • Modified: Jan. 14, 2026
    • Vuln Type: Memory Corruption
Showing 20 of 4630 Results